bodyType

customContents

entityId

entityUuid

articlePageQuery

filter

article

articleBaseAdvertisingInfoArticle

articleListArticle

articleSeoArticle

hooksArticleAcknowledgementGateOverlayArticle

hooksTrackPageViewArticle

hooksContentInterestArticle

articleLinkingDataContent

hooksAmpRedirectArticle

articleSchemaContent

liveArticle

advertZone

sentiment

contentLock

topics

types

sections

paywallTypes

createdDate

publishedDate

urlAlias

moreOnThisArticles

sponsorType

commentCount

authorLocations

authors

corrections

displaySlideShow

multimediaEmbed

printHeadline

seriesContainer

articleSpeeches

socialHeadline

headline

images

flag

firstTopic

glossary

flattenTypeIds

image

relatedLinks

relatedNewsletters

__typename

sponsor

pdfFiles

seriesReverseOrder

series

disableOffPlatformContent

published

updatedDate

summary

subHeadline

body

keywords

readingTime

customTimezone

liveContents

Linda Lew

Guo Rui

China’s proposed cybersecurity regulations could delay alerts to the public and business about critical threats, specialists have warned.
The draft rules issued by the Cyberspace Administration of China on Wednesday would require police and government regulators to be notified before any information is made public.
They also prohibit the public sharing of technical information such as malicious source codes or security loopholes.
The proposed rules, open for public consultation until December 19, would cover media reports, online discussions, public forums and messages from security apps.
China-linked hackers stealing military and government text messages, says cybersecurity firm FireEye
The cyberspace administration said the new rules were designed to strengthen cybersecurity, prevent profiteering and stop illegal exploitation of online security.
It also said the enforced delay would give police and regulators time to mitigate any damage.
But one cybersecurity expert – who wished to be identified only by the alias MDrights – said the proposed rules could limit sharing of knowledge among specialists and impair their ability to fix these security flaws.
“This [technical] information needs to be communicated to the industry. We need to know how the attacks happen so we know how to protect against them, and everyone can learn and improve together,” he said.

The regulations would also significantly affect the way the Chinese media could cover cybersecurity threats, Wang Boyuan, a Chinese technology writer, warned.
“There is basically nothing left to write about. The rules ban many things relating to cybersecurity incidents from being disclosed,” Wang said.
“Chinese media will need to notify authorities before they report on cybersecurity incidents.”
However, the watchdog insisted the media could continue “normal reporting” of cybersecurity news, as long as they complied with the notification requirement and did not disclose any data leaked due to cyberattacks.
It added that once the cybersecurity threat was reported to the authorities, the source did not need government approval for releasing the information to the public.
In a Q&A posted on the administrator’s website, it also complained that some cybersecurity firms had been exaggerating some threats for marketing purposes.
Chinese government hackers suspected of moonlighting for profit
Some industry specialists said the new rules could help to check malicious hackers and simplify the process of reporting threats.
Maxime Oliva, chief executive of cybersecurity firm TekID, said that currently people could report attacks to the police, the Ministry of Industry and Information Technology, or other regulators.
“Now we have a very clear, identified process of how to report,” he said.
Taiger Zhao, a lawyer from Dentons’ Shanghai Office, said he did not think the new rules would have a great impact on the flow of information and media reporting of cybersecurity threats although it would increase the workload involved in the process.

The new guidelines are the latest in a series of measures designed to enforce a cybersecurity law, introduced in 2017, which was described as a way to improve national security, safeguard internet sovereignty and the public interest.
The year before the law’s introduction Wooyun, one of the leading platforms for “white hats” – or ethical hackers who look for flaws in security systems to warn people of the risks – was shut down after several managers were reportedly detained.
The platform had faced numerous complaints after exposing security flaws in large companies’ websites although it was not clear whether anyone ever faced criminal charges.
However, the Wooyun archive had survived online until Wednesday’s announcement about the new rules.
It has since been taken down and replaced with a message that says: “Due to rules four, eight and 12 on the disclosure of cybersecurity threats, our website will be closed. Reopening to be determined.”

For more insights into China tech, sign up for our tech newsletters, subscribe to our award-winning Inside China Tech podcast, and download the comprehensive 2019 China Internet Report. Also roam China Tech City, an award-winning interactive digital map at our sister site Abacus.



Online shopping scams cost Hongkongers HK$14 million in first week of 2026

Dose of uncertainty: experts wary of AI health tech gadgets on display at CES trade show

HKMA in talks with SFC, Insurance Authority to promote fintech over next 5 years

All Hong Kong retail banks to offer anti-scam service, locking cash in accounts

Cybersecurity

New Chinese cybersecurity rules could delay release of threat alerts to business and public, tech specialists warn

The rules will require people to contact regulators and police before releasing information to the public. Photo: Shutterstock

FILE PHOTO: A man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Capitalizing on spying tools believed to have been developed by the U.S. National Security Agency, hackers staged a cyber assault with a self-spreading malware that has infected tens of thousands of computers in nearly 100 countries. REUTERS/Kacper Pempel/Illustration/File Photo

***PAY PER USE. Please re-download from vendor website.*** Shutterstock stock photo ID: 737510260 Ethernet cable with chinese flag in the background - Image The Cyberspace Administration of China (CAC) is working on a plan to take a minority stake with super voting power in the operator of business news aggregator wallstreetcn.com.

China cybersecurity rule on exporting of  personal information seen raising compliance costs for firms

A map of China is seen through a magnifying glass on a computer screen. Photo: Reuters

China steps up push to nurture cybersecurity companies to support digitisation of economy

In June 2017 China enacted a new cybersecurity law that covered all businesses that manage their own email or other data networks. Photo: Bloomberg

China tightens cybersecurity rules on domestic financial information providers to protect stock markets

The benchmark Shanghai Composite Index has lost 25 per cent so far this year, ending trading on Thursday at 2,483 points, making it one of the world’s worst performers in 2018. Photo: AP

Screen grab from CCTV live news showing Chinese officials attending the Central Economic Work Conference in Beijing, China. 21DEC18. Source: CCTV

Milan, Italy - August 15, 2018: Bloomberg LP online banking website homepage. Bloomberg LP logo visible. Photo: Shutterstock

epa06840583 An elder Chinese investor uses her mobile phone to view the stock prices at a securities brokerage house in Beijing, China, 26 June 2018. The Shanghai composite index closed at 2,844.51, down 0.52 percent. The Shenzhen composite index closed at 9,339.37, up 0.16 percent. EPA-EFE/WU HONG

China-linked hackers stealing military and government text messages, says cybersecurity firm FireEye

US and Chinese flags are hung outside a hotel during an event at the US embassy in Beijing in November 2012. Photo: AP

FILE PHOTO: Attendees walk by the FireEye booth during the 2016 Black Hat cyber-security conference in Las Vegas, Nevada, U.S. August 3, 2016. REUTERS/David Becker/File Photo

News

China

Politics

Tech

Policy


Draft guidelines state that police and regulators must be notified before any information about cybersecurity dangers is made public
Regulations are designed to prevent information being exploited, but security specialists fear ban on sharing technical details could hamper their ability to fix problems



Draft guidelines state that police and regulators must be notified before any information about cybersecurity dangers is made public.
