China’s Cybersecurity Moves [Weekly Cybersecurity Brief]

skull in cyberspace
Share on facebook
Share on linkedin
Share on twitter
Share on email
Share on whatsapp

Cybersecurity has been a major topic on the plates of nations across the globe. As we know, it has certainly been on the mind of the United States’ government especially considering the slew of major attacks. And as the U.S. re-considers its approach to cybersecurity, across the world China is also taking a stance on its own cybersecurity. We outline some of the latest steps taken by China in what has been nearly a two-decade campaign to gain more control over information security.

To begin with, China is planning to invest more money in its cybersecurity industry. According to reporting from VOA, China’s technology ministry announced that it is implementing a three-year action plan aimed at further developing this sector. They estimate that this plan will help raise the worth of China’s cybersecurity field to more than $38 billion by 2023. But as it looks to grow its cybersecurity approach, China is also cracking down on the cybersecurity practices of others. The Cyberspace Administration of China has taken action to suspend use of apps that they consider a risk to “national data security.” Tech companies such as Full Truck Alliance and Kanzhun have had their user registration shut down by the agency while they undergo mandatory security reviews.

One of the companies garnering the most headlines for its encounter with these regulations is Didi Global Inc. As Reuters reports, at least seven of China’s departments sent on-site teams to conduct a cybersecurity review of the ride-hailing company. Included in the departments participating in the review are the Cyberspace Administration of China, Ministry of Public Security, Ministry of State Security, Ministry of Transport, Ministry of Natural Resources, State Taxation Administration and State Administration for Market Regulation. The focus on Didi comes as China puts together what it calls the Personal Information Protection Law designed to impose stricter rules on how tech companies handle users’ data. It is also set to activate the Data Security Law in September which requires companies dealing with what is considered “critical data” to conduct risk assessments and submit reports and those processing data related to national security to submit annual reviews. 

Along with the rules outlined in the Personal Information Law and Data Security Law, China is also requiring tech experts who discover weaknesses in computer security to report such information to its government. Once the government is made aware of the vulnerabilities, it will be up to them to decide what course of action will be taken. Not only does this block the sale of such information, but it prevents organizations from sharing it with other entities located outside of China with an exception for the product’s manufacturer. As the Cyberspace Administration of China explained in a statement, it is not permitted to “collect, sell or publish information on network product security vulnerabilities.” Additionally, institutions such as banks that are categorized as sensitive are “are required to use only Chinese-made security products wherever possible,” as reported by the Associated Press and shared by NBC News.

Key Takeaways:

“China Announces New Cybersecurity Industry Strategy” – VOA News, VOA

https://www.voanews.com/east-asia-pacific/voa-news-china/china-announces-new-cybersecurity-industry-strategy

  • China is planning to invest more money in its cybersecurity industry.
  • China’s technology ministry announced that it is implementing a three-year action plan aimed at further developing the sector to raise its worth to more than $38 billion by 2023.
  • Additionally, the Cyberspace Administration of China has taken action to suspend use of apps from companies such as Full Truck Alliance and Kanzhun that they consider a risk to “national data security.” 

“Chinese regulators send teams to Didi for cybersecurity review” – Yingzhi Yang, Yilei Sun and Tony Munroe, Reuters

https://www.reuters.com/technology/chinese-regulators-send-on-site-teams-conduct-cybersecurity-review-didi-2021-07-16/

  • At least seven of China’s departments sent on-site teams to conduct a cybersecurity review of the ride-hailing company Didi Global Inc.
  • Included in the departments participating in the review are the Cyberspace Administration of China, Ministry of Public Security, Ministry of State Security, Ministry of Transport, Ministry of Natural Resources, State Taxation Administration and State Administration for Market Regulation.
  • The focus on Didi comes as China puts together what it calls the Personal Information Protection Law and plans to implement the Data Security Law in September.

“China tightens control over cybersecurity in data crackdown” – The Associated Press, NBC News

https://www.nbcnews.com/tech/security/china-tightens-control-cybersecurity-data-crackdown-rcna1411

  • China is requiring tech experts who discover weaknesses in computer security to report such information to its government.
  • Once the government is made aware of the vulnerabilities, it will be up to them to decide what course of action will be taken.
  • As the Cyberspace Administration of China explained in a statement, it is not permitted to “collect, sell or publish information on network product security vulnerabilities.”

Discover More: