Along: JOE McDONALD, Associated Press Posted: Posted July 13, 2021 / 8:01 am CDT / Has been updated: July 13, 2021 / 8:01 am CDT In this September 12, 2017 file photo, attendees pass an electronic display showing recent cyberattacks in China at the China Internet Security Conference in Beijing. Chinese tech experts who have
Along: JOE McDONALD, Associated Press
Posted: Posted / Has been updated:
Beijing (AP) — A Chinese tech expert who found a weakness in computer security had to tell the government and couldn’t sell that knowledge under rules that further strengthened Communist control over information.
The rule bans private sector professionals who find “zero-day” or previously unknown security weaknesses and sells that information to police, espionage agencies, or businesses. Such vulnerabilities were characteristic of major hacking attacks, including this month’s attack, which blamed Russia-linked groups that infected thousands of companies in at least 17 countries.
Beijing is becoming more and more sensitive to managing information about its people and economy. Companies are prohibited from storing data about Chinese customers outside of China. Companies, including Ride Hailing Service Didi Global Inc., which recently made its debut on the US stock market, have been publicly warned to enhance data security.
Under the new rules, anyone in China who finds a vulnerability must inform the government and the government will decide what repairs to do. Information may not be provided to “overseas organizations or individuals” other than the manufacturer of the product.
According to regulations issued by China’s Cyberspace Administration and the Police and Industry Ministry, it is not possible to “collect, sell, or publish information about security vulnerabilities in network products.” They will take effect on September 1st.
The ruling party’s military arm, the PLA, is a leader in cyberwarfare technology, along with the United States and Russia. PLA police officers have been charged by US prosecutors with hacking US companies to steal technology and corporate secrets.
Consultants who find the weaknesses of “zero-day” say their work is legal because they serve police and intelligence agencies. Some have been accused of supporting groups spying on governments and activists accused of human rights abuses.
There are no signs that such private researchers are working in China, but the decision to ban this area suggests that Beijing sees it as a potential threat.
China has steadily strengthened its control over information and computer security over the last two decades.
Banks and other entities that are considered sensitive should use only security products made in China wherever possible. Foreign vendors selling routers and other network products in China need to disclose to regulators how cryptography works.
China strengthens cybersecurity controls in data crackdown
Source link China strengthens cybersecurity controls in data crackdown
Leave a Comment
Your email address will not be published. Required fields are marked with *