China aims to grow local infosec industry by 30 percent a year, to $22 billion by 2025
Optimistically suggests international collaboration – including on standards – will help it get there
China's government has declared the nation's information security industry needs to grow – fast.
A document with the catchy title of "Guiding Opinions of Sixteen Departments Including the Ministry of Industry and Information Technology on Promoting the Development of the Data Security Industry" was issued last week, setting out an ambitious program to scale the industry at 30 percent compound annual growth rate, so it reaches ¥15 billion ($22B) of annual revenue by 2025.
To get there, China will build five security labs, between three and five national data security industrial parks, ten advanced demonstration areas for innovative applications, and "cultivate a number of leading and backbone enterprises with international competitiveness, individual champion enterprises and specialized, special and new little giant' enterprises."
The plan also calls for the development of more infosec products, and improvements to the security of existing offerings. China wants AI and blockchain to be applied when suitable.
A national data security testing and evaluation system will inform this work.
Beijing hopes to satisfy domestic demand and to create products with potential to attract global buyers.
That ambition is … erm … ambitious, given that many nations already distrust Chinese hardware for the security risks they feel it creates.
China's plan also calls for cooperation with the data security industry in countries that participate in the nation's "Belt and Road" development initiative.
- China's infosec researchers obeyed Beijing and stopped reporting vulns ... or did they?
- China cybersecurity regulator wants to support tech growth
- China follows through on plan to ban deepfake tech
- Chinese researchers' claimed quantum encryption crack looks unlikely
Interestingly, the document also mentions promoting "standard convergence and mutual recognition of certification results" and a plan to "Encourage Chinese scholars and entrepreneurs in the field of data security to actively participate in the work of relevant international organizations."
China has in the past sought to create standards that reflect its vision of the internet – a vision in which the internet is more easily controlled. Any attempt by the Middle Kingdom to bring a similar approach to infosec will likely be resisted in various international fora.
Chinese participation at a technical level, however, will likely be welcomed. Chinese orgs have in recent years proven to be exceptionally adept bug-hunters.
The plan lays out a goal of a prosperous and mature infosec industry by 2035, by which time "The industrial policy system has been further improved, the key core technologies of data security, the development level of key products, and professional service capabilities have ranked among the world's advanced ranks, the awareness and application capabilities of data security applications in various fields have been significantly improved, and a number of leading companies with international competitiveness have emerged."
It's hard to imagine China not wanting any of the above, given the nation's stated policy of widespread connectivity and use of AI driving its economy.
The financial goal is also unambitious. Analyst firm Gartner last year predicted global spending on security and risk management would grow 11.3 percent to top $183 billion in 2023. China represents around 18 percent of global economic activity and population, and 18 percent of $183 billion is $33 billion – so if China only hits its $22 billion goal, its infosec industry market share will not match its economic and population heft. ®