26 Feb 2024

China unveils comprehensive cybersecurity plan amid growing tensions with the US

The initiative includes measures such as emergency drills, data security training, and regulatory tightening in response to rising concerns over data breaches and unauthorised access to sensitive information.

As tensions between China and the USA escalate over accusations of cyberattacks and industrial espionage, China unveiled a comprehensive plan to bolster its cybersecurity defences. The initiative, published on the Ministry of Industry and Information Technology (MIIT) website, stresses China’s determination to reduce reliance on Western-made hardware and software amid hacking concerns from foreign entities.

The plan outlines a series of measures to address various cybersecurity risks, including ransomware attacks, vulnerability backdoors, and unauthorised remote operations. These measures include enhanced self-examination, precise management, and protective actions to mitigate potential threats.

One key aspect of the plan involves conducting emergency drills simulating ransomware attacks across more than 45,000 companies in China’s industrial sector by the end of 2026. These drills will prioritise the top 10% of companies in terms of revenue in each Chinese province, ensuring comprehensive preparedness against cyber threats.

Additionally, the plan aims to conduct over 30,000 data security training sessions and develop 5,000 data security professionals within the same timeframe, emphasising the importance of cultivating a skilled workforce capable of safeguarding sensitive information.

As China intensifies its efforts to fortify its cybersecurity infrastructure, implementing these measures underscores the government’s proactive stance in safeguarding national interests and mitigating potential cyber threats.

Over the past three years, China has ramped up regulation over data storage and transfer by domestic companies. This regulatory tightening led to hefty fines being imposed on tech giant Didi for data security breaches, signalling the government’s commitment to enforcing stringent cybersecurity measures.

Moreover, the Ministry of State Security issued a warning in December regarding using foreign geographic information software to collect sensitive data, particularly in critical sectors such as the military. In response, MIIT proposed a four-tier classification system to enhance its ability to address data security incidents effectively. Additionally, MIIT must be notified of any data breach within ten minutes of its occurrence, alongside other specified actions. Read more about the plan below.