Beijing launches websites for reporting cybersecurity vulnerabilities in systems, apps and smart cars
- Aim is to keep Beijing abreast of loopholes within country’s mobile apps, connected cars and other internet products that could be exploited by cybercriminals
- Though mainly aimed at industry professionals such as app developers, everyday users can also make reports on the four platforms
The websites, officially called “cyberspace security and vulnerability professional databases”, are aimed at giving Beijing real-time updates about any loopholes within the country’s mobile apps, connected cars, automation systems and other general internet products that could be exploited by hackers or cybercriminals.
The four websites were launched by the cyberspace security bureau of the Ministry of Industry and Information Technology (MIIT) and will be operated by state-backed institutions.
One database accepts reports of potential weak spots in computers, telecommunications equipment, artificial intelligence and blockchain products.
Another handles problems in a wide range of industries, including materials, electronics, defence, energy, transport and civil nuclear facilities. The state-backed institution running the database, namely the China Industrial Control Systems Cyber Emergency Response Team (CICS-CERT), will also help to develop targeted solutions.
The app vulnerability database, meanwhile, is run by the China Software Testing Centre and the China Centre for Information Industry Development, two agencies under the ministry.
The China Automotive Technology & Research Centre, a state-owned enterprise based in Tianjin, runs the platform for reporting potential weaknesses in connected cars.
Though mainly aimed at industry professionals such as app developers, everyday users can also make reports on the four platforms once they have registered.
Their launch comes after the MIIT, the Cyberspace Administration of China (CAC) and the Ministry of Public Security launched a new regulation that took effect on Wednesday. It stipulates that online operators are obliged to fix bugs and banned from telling unrelated foreign entities about the loopholes.
It provides detailed guidelines for enforcing China’s Cybersecurity Law. Implemented in June 2017, the law stipulates how providers of internet products and services should report system vulnerabilities to their users and “related regulators”.
The new reporting databases come as China increases scrutiny of tech companies’ data-handling practices. The Personal Information Protection Law, which comes into effect in November, and the Data Security Law, which came into effect on Wednesday, have introduced stricter legal requirements for data service providers in the country.