Beijing pushes Chinese firms to report cybersecurity vulnerabilities early and often amid growing threats
- A new regulation seeks to protect computer networks and other information technology infrastructure in the country from cyberthreats
- It also forbids enterprises and individuals investigating cybersecurity weaknesses from disclosing such information to overseas organisations
China is redoubling efforts to protect the nation’s computer networks from hacking, spying and other cyberthreats by directing organisations to quickly report system vulnerabilities to authorities.
Companies providing online products and services must report the discovery of any weaknesses in their systems within two days to the Ministry of Industry and Information Technology (MIIT), according to a notice on Tuesday by the country’s cyberspace watchdog.
The government’s new mandate “is directed at regulating the process of vulnerability reporting in China, and inserting the MIIT and MPS as the responsible authorities into this process”, said Kenn Yee, policy analyst at Access Partnership.
He described the latest regulation as “a way of formalising and giving clarity to the implementation process”.
It also forbids enterprises and individuals investigating cybersecurity vulnerabilities from providing such information to overseas organisations and individuals other than the provider of the product or service, according to the CAC’s notice.
These enterprises are expected to cooperate with authorities if system flaws are publicised before they are fixed.
The new regulation prohibits individuals and organisations from taking advantage of any system loopholes and weaknesses that may endanger online security in the country. It also bans illegal collection, sale or publication of information about such vulnerabilities.
The latest mandate gives the existing Cybersecurity Law teeth amid increased efforts by cybercriminals to exploit system vulnerabilities to install malware, steal data and disrupt operations of various businesses.
Beijing has also been focusing on other fronts to boost network security, including strengthening data privacy and tightening its control over Big Tech companies.
Rising tensions in tech and trade with the US have also made Chinese regulators more cautious about the security of the country’s vast troves of data.
The MIIT on Monday released the draft of its most detailed strategy yet for the development of China’s cybersecurity industry in a bid to make the country’s digital economy more resilient. The three-year plan will boost spending on the cybersecurity sector, which is forecast to be worth more than 250 billion yuan (US$38.6 billion) by 2023. Major industries such as telecommunications will need to devote 10 per cent of their tech upgrade budget to cybersecurity within the next three years.
Cybersecurity is also becoming synonymous with national security and state sovereignty, as both China and the US pour more effort into the field, according to analysts.