China could use new Cyber-Security Law to exploit ‘foreign’ vulnerabilities

By Filip Truta on Sep 05, 2017 | 0 Comments

China’s new cyber-security law, in effect since June 1st, contains vague and onerous language that authorities could invoke to compel security checks, forcibly demand data or to inspect proprietary technology.

Unlike the western hemisphere, where new regulations are being set in place to protect data both for the customer and for the companies that process it – in essence, putting the people first – the eastern parts of the world (Russia, China, et.al) are enforcing new legislation focused on serving the state’s needs first – and quite visibly so.

Whereas the Kremlin has demanded that messaging services like Telegram hand over data that may be concern national security, China is going to even greater lengths to control information flow, both domestically, and beyond the Great Firewall.

‘Network operators’

The Republic’s new cyber-security law targets organizations defined as “network operators” by the China Information Technology Evaluation Center (CNITSEC) – a division of the Ministry of State Security. Network operators are subject to national security review, according to the law.

Audit and advisory firm KPMG has conducted an analysis of the law and found that China essentially regards network operators as any enterprise or institution that provides services or conducts business through “networks.”

These include traditional telecom operators and Internet firms, financial institutions that collect citizens’ personal information and provide online services (banking institutions, insurance companies, securities companies, and any type of foundation), as well as enterprises that have websites and provide network services. Cyber-security companies, and even fast-food delivery firms, are in the same boat, because of the sheer amount of customer data they handle daily.

Full story: https://businessinsights.bitdefender.com/china-cybersecurity-law-espionage-vulnerabilities