Advertisement
Beijing pushes Chinese firms to report cybersecurity vulnerabilities early and often amid growing threats
- A new regulation seeks to protect computer networks and other information technology infrastructure in the country from cyberthreats
- It also forbids enterprises and individuals investigating cybersecurity weaknesses to disclose such information to overseas organisations
Reading Time:2 minutes
Why you can trust SCMP
China is redoubling efforts to protect the nation’s computer networks from hacking, spying and other cyberthreats by directing organisations to quickly report system vulnerabilities to authorities.
Advertisement
Companies providing online products and services must report the discovery of any weaknesses in their systems within two days to the Ministry of Industry and Information Technology (MIIT), according to a notice on Tuesday by the country’s cyberspace watchdog.
This regulation, which sets out how to handle cybersecurity loopholes, was developed by the Cyberspace Administration of China (CAC), the MIIT and the Ministry of Public Security (MPS). It will take effect on September 1.
It provides detailed guidelines for enforcing China’s Cybersecurity Law. Implemented in June 2017, the law vaguely stipulates how providers of internet products and services should report system vulnerabilities to their users and “related regulators”.
Advertisement
The government’s new mandate “is directed at regulating the process of vulnerability reporting in China, and inserting the MIIT and MPS as the responsible authorities into this process”, said Kenn Yee, policy analyst at Access Partnership.
Advertisement