China enforces stricter response time to cyber breaches
A draft plan adopts a colour-coded system to reflect the degree of harm a cyberattack causes.
China’s Ministry of Industry and Information Technology (MIIT) has developed a draft contingency plan for assessing the intensity of a cyber incident and acting on it accordingly to address the growing concerns related to cyber breaches and data security.
The plan proposes a four-tier classification of data security incidents, adopting a colour-coded system to reflect the degree of harm inflicted upon national security, the economy or a company’s information network.
As per this plan, an incident will be issued a red warning and classified ‘especially grave’ if it involves losses of more than ¥1 billion ($141 million) and affects the personal information of over 100 million people or ‘sensitive’ information of over 10 million people.
Some obligations for incidents with red or orange warnings include the involved companies and relevant authorities establishing a 24-hour work rota to address the incident, notifying MIIT within ten minutes of the breach, etc.
MIIT has stated, ‘If the incident is judged to be grave… it should be immediately reported to the local industry regulatory department; no late reporting, false reporting, concealment or omission of reporting is allowed.’
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.