China lays out glorious eight-point infosec masterplan

Aims to protect the people and the nation


The Chinese government has released sweeping new information security guidelines designed to enable public and private bodies to protect themselves more effectively against new cyber threats.

The State Council’s long list of recommendations spans just about every conceivable aspect of information security, painting a picture of a nation under siege from attackers and increasingly vulnerable thanks to its reliance on the internet.

It points to the need to better secure “energy, transport, finance and other fields of the national economy” as well as government departments.

On the government side, the guidelines include more auditing, security reporting and monitoring and a pledge to “reduce the number of internet connection points” – presumably to isolate highly classified data on specific machines.

The government also acknowledged the risk to industrial control systems, pledging to “strengthen the protection" of nuclear facilities, aerospace, advanced manufacturing, oil and gas pipelines, power systems, and more.

China also wants to “improve the information security certification and accreditation system”, step-up password protection in e-commerce and e-government, promote the use of “e-signatures” in banking and e-commerce and use strong encryption to protect classified information systems.

In addition, the plans include working towards better information sharing and exchange on cyber security matters, improving emergency response teams, and strengthening and promoting the ranks of information security professionals in the country.

Although short on any detail of exactly how all of this is going to be achieved, as a statement of intent it’s pretty comprehensive and with significant financial and human resources to hand, you can be pretty sure China will meet its goals.

However, throwing more technology at the problem may not be the best way for China to go, according to Kenny Lee, a principal consultant with Verizon Business Asia Pacific.

"Companies simply adopting more layers of technology may lead to false sense of security," he told The Reg.

"Many of today’s malware are undetectable due to increased customisation which renders anti-virus tools less effective. For example, on a case Verizon worked on, we identified a backdoor which was only recognised by one out of 40 AV vendors."

The government's proposals are nothing new, but if anything can be seen as a recognition of the importance of evolving information security strategies in key industries to protect national security and economic advantage.

If nothing else, a more secure China should at least reduce the number of unprotected machines which can be co-opted by cyber criminals.

There's no doubt China is an increasing target of attack for other states and cyber criminals.

Stats revealed in March claimed that attacks from outside the country had infected 8.9 million machines in 2011, up from five million a year earlier.®


Other stories you might like

  • TikTok US traffic defaults to Oracle Cloud, Beijing can (allegedly) still have a look
    Alibaba hinted the gig was worth millions each year

    The US arm of Chinese social video app TikTok has revealed that it has changed the default location used to store users' creations to Oracle Cloud's stateside operations – a day after being accused of allowing its Chinese parent company to access American users' personal data.

    "Today, 100 percent of US user traffic is being routed to Oracle Cloud Infrastructure," the company stated in a post dated June 18.

    "For more than a year, we've been working with Oracle on several measures as part of our commercial relationship to better safeguard our app, systems, and the security of US user data," the post continues. "We still use our US and Singapore datacenters for backup, but as we continue our work we expect to delete US users' private data from our own datacenters and fully pivot to Oracle cloud servers located in the US."

    Continue reading
  • Former chip research professor jailed for not disclosing Chinese patents
    This is how Beijing illegally accesses US tech, say Feds

    The former director of the University of Arkansas’ High Density Electronics Center, a research facility that specialises in electronic packaging and multichip technology, has been jailed for a year for failing to disclose Chinese patents for his inventions.

    Professor Simon Saw-Teong Ang was in 2020 indicted for wire fraud and passport fraud, with the charges arising from what the US Department of Justice described as a failure to disclose “ties to companies and institutions in China” to the University of Arkansas or to the US government agencies for which the High Density Electronics Center conducted research under contract.

    At the time of the indictment, then assistant attorney general for national security John C. Demers described Ang’s actions as “a hallmark of the China’s targeting of research and academic collaborations within the United States in order to obtain U.S. technology illegally.” The DoJ statement about the indictment said Ang’s actions had negatively impacted NASA and the US Air Force.

    Continue reading
  • China 'must seize TSMC' if the US were to impose sanctions
    So says Chinese economist, but it wouldn't achieve much if Taiwan destroyed its fabs first

    China should seize Taiwan to gain control of TSMC if the United States and its allies impose sanctions against the Middle Kingdom like those now in place against Russia, according to a prominent Chinese economist.

    The move follows the suggestion last year out of the US that Taiwan should be prepared to destroy its semiconductor factories if China were to invade.

    This latest development comes in a speech by Chen Wenling, chief economist for the China Center for International Economic Exchanges, delivered at the China-US Forum hosted by the Chongyang Institute for Financial Studies at Renmin University of China at the end of May. The text of the speech was posted to the Guancha (Observer) online news site.

    Continue reading
  • China's blockchain boosters slam crypto as Ponzi scheme
    Communists reckon Bill Gates and Warren Buffet got it right

    Executives at China's Blockchain-based Service Network (BSN) – a state-backed initiative aimed at driving the commercial adoption of blockchain technology – labelled cryptocurrency "the biggest Ponzi scheme in human history" in state-sponsored media on Sunday.

    "The author of this article believes that virtual currency is becoming the largest Ponzi scheme in human history, and in order to maintain this scam, the currency circle has tried to put on various cloaks for it," wrote Shan Zhiguang and He Yifan in the People's Daily.

    He Yifan is the CEO of startup Red Date Technology – a founding member and architect behind BSN – where he serves as executive director. Co-author Zhiguang Shan is chair of the BSN Development Alliance.

    Continue reading

Biting the hand that feeds IT © 1998–2022