Under China’s new security rules, internet operators must report hacks and cybercrimes within 1 hour

The operators are required to report damage caused by the incidents and measures taken, the probable cause, tips for investigation – including anything known about the attacker – the path of attack and existing loopholes, the draft said.

The draft especially stressed that major incidents should be reported within an hour.

From love scams to fake jobs, Asia-Pacific is new ‘ground zero’ for cybercrime

It describes three levels of incident, with the most severe level including leaks affecting the personal data of more than 100 million people, “affecting the work and lives of over 30 per cent of the population in a province”, “key information infrastructure disconnected for six hours” and harmful information viewed more than 1 million times or displayed for more than six hours on news media or government websites.

After the public comment period, the draft will go back to the CAC for edits.

In recent years, Chinese authorities have repeatedly stressed that the country faces a growing risk of cyberattack, data leaks, disinformation and AI-driven cognitive warfare, with the rapid growth of technology.

In an article published in September in China Internet and Information, the official journal of the CAC, State Security Minister Chen Yixin wrote, “Our biggest hidden risk is that our critical basic information infrastructure can be vulnerable to attack”.

“Our finance, energy, electricity, communications and transport operation networks have become key targets of cyberattacks from outside the country,” he wrote. “There would be dire consequences, such as transport disruptions, chaos in financial markets and paralysis of electricity supply if these systems were hacked, taken over, tampered with or sabotaged.”

02:04

‘Stop stealing’: China condemns US over Trojan horse cyberattacks on state-funded university

Without citing specific examples, Chen named new technologies that could introduce greater security uncertainty, including artificial intelligence, quantum communication, blockchain technology and satellite internet.

In a recent example, a breakdown in ride-hailing app Didi Chuxing last month affected thousands and caused an estimated 100 million yuan (US$14 million) loss. In the meantime, Alibaba Cloud suffered its second outage, which affected customers in mainland China, Hong Kong and the United States.

The incidents prompted discussion among experts, media commentators and netizens about how internet infrastructure had become a normal part of public life, just like gas and water, and its security needed to be emphasised and regularly maintained.

China indicts 52 per cent more cyber scammers than last year amid crackdown

China enacted its Cybersecurity Law in 2016, stressing the need to maintain control of the nation’s sovereign cyberspace and national security.

Building on that foundation, the Data Security Law was implemented in September 2021 to limit the ways data can be processed. The law also stresses the need to safeguard national security and interests, making the protection of data a national security priority.

Темы и теги

Китай Политика

интернет-оператор киберпреступление хакер правило течение час безопасность китай должный