China Has A 3-Year Plan For Cyber Security

Uploaded on 2021-08-31 in INTELLIGENCE-Hot Spots-China, GOVERNMENT-National, FREE TO VIEW

China has published an administrative regulation on major IT infrastructure security, which will take effect from September.

In a related initiative, the Chinese authorities have released a three-year draft plan for the cyber security sector, aiming to create a nearly $39 billion market for an increasingly crucial part of China's broad efforts to strengthen data protection and ensure continued growth of the platform economy.

The regulation stipulates that key IT infrastructure projects, which refer to IT network facilities and information systems of major industries in key areas, will come under the country's special protection.

The country’s Ministry of Industry and Information Technology (MIIT) released the draft of its most detailed strategy yet for the development of China’s cyber security industry for public comment, mandating that key industries, including the telecommunications sector to  devote 10 per cent of their IT upgrade budget to cyber security by 2023.

Measures including monitoring, defense, and proper handling of cyber security risks and threats from both home and overseas will be carried out so as to ensure that relevant facilities are protected from attacks, intrusions, interference and sabotage.

The regulation came as the country's major IT infrastructure faces severe security challenges including frequent cyber attacks, according to a State Council statement.

The regulation also called on operators of major IT infrastructure projects to bear their primary responsibility of maintaining the integrity, confidentiality and availability of relevant data. Requirements for these operators include conducting security checks and risk assessments every year, and prioritising safe and creditable internet products and services in procurement.

Personal information and important data collected and produced by the operators during their operations within the Chinese mainland should be stored in the mainland, the regulation said, adding that security assessments will be necessary for business needs of providing such data overseas.

China's cyberspace authority last month solicited public opinion for a draft revision to the country's cyber security review regulations.

According to the draft revision, information infrastructure and data operators that possess over 1 million items of personal information shall be subject to cybersecurity review before seeking a listing abroad. Risks such as critical information infrastructure, core data, important data, or a large amount of personal information being influenced, controlled, or maliciously used by foreign governments after going public overseas will be evaluated in the review.

Last month, authorities launched a rigorous cyber security review by a joint team of regulators on the ride-hailing company DiDi Chuxing.Observers believe that efforts to balance development and security have become a major issue facing the country's digital and internet industries.

The cyber security related industry in China reached 170.2 billion Yuan (26.2 billion US dollars) in scale in 2020, according to the latest report issued at this year's China Internet Conference. Strengthened governance will provide a healthier environment for the development of the Internet sector with an emphasis on national security and user protection.

Global Times:      SCMP:    BigNewsNetwork:     Illinois News:    Taylor&Francis:   

Shanghai Image: Unsplash

You Might Also Read: 

EU & NATO Agree To Confront The Chinese Cyber Threat:

 

« Hackers Steal $100m From Japanese Cryptocurrency Exchange
Social Media Tries To Protect Afghan Users »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Quick Heal Technologies

Quick Heal Technologies

Quick Heal Technologies is a leading IT security solutions provider focused on endpoint and network security solutions.

CSO GmbH

CSO GmbH

CSO GmbH provide specialist consultancy services in the area of IT security.

FTAPI Software

FTAPI Software

FTAPI SecuTransfer is a software solution for end-to-end encrypted data exchange of large and sensitive data with customers and partners.

Neurosoft

Neurosoft

Neursoft is a fully integrated ICT company with Software Development, System Integration and Information Technology Security capabilities.

Mitre ATT&CK

Mitre ATT&CK

MITRE ATT&CK™ is a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.

S2S Group

S2S Group

S2S Group specialise in the destruction and management of IT assets at the end of the lifecycle.

Paladin Capital Group

Paladin Capital Group

Paladin is a leading global investor that supports and grows the world’s most innovative cyber companies.

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum (GCF)

Global Cybersecurity Forum is a catalyst platform designed to create a more resilient and better cyberworld for all.

TechForing

TechForing

TechForing Ltd. works for business organization's cyber security and cyber crime incident managements. We help business to secure their business online.

Secret Intelligence Service (SIS - MI6)

Secret Intelligence Service (SIS - MI6)

The UK’s Secret Intelligence Service, also known as MI6, has three core aims: stopping terrorism, disrupting the activity of hostile states, and giving the UK a cyber advantage.

Triaxiom Security

Triaxiom Security

Triaxiom Security offers penetration testing, security audits, and strategic consulting customized to meet your needs.

Centroid

Centroid

Centroid is a cloud services and technology company that provides Oracle enterprise workload consulting and managed services across Oracle, Azure, Amazon, Google, and private cloud.

Arctic Group

Arctic Group

Arctic Group is a Swedish service provider focusing on cybersecurity, integration services and deployment of software development tools.

Daisy Corporate Services

Daisy Corporate Services

Daisy is one of the largest providers of communications and IT solutions across the UK, with a portfolio spanning unified communications, cloud, cyber security and resilience.

Brightworks Group

Brightworks Group

BrightWorks Group offer comprehensive technology operations and security operations consulting services, tailored to meet your specific needs.

American Binary

American Binary

American Binary is a Quantum Safe Networking (TM) and post-quantum encryption company.