China IT Ministry Plans To Shore Up Hacking Defences For Vital Industries

China's Ministry of Industry and Information Technology (MIIT) revealed a comprehensive strategy on Monday aimed at enhancing data security within the nation's industrial realm, with the goal of mitigating significant risks by the culmination of 2026. This initiative arrives amidst heightened tensions between China and the United States, marked by mutual accusations of cyberattacks and industrial espionage.

Reports from Reuters last year shed light on the accelerated efforts by Chinese governmental bodies and state-owned enterprises to transition away from Western-produced hardware and software, a move partially propelled by concerns regarding potential hacking activities orchestrated by foreign entities.

ALSO READ: These Apple Devices May Be Prone To Cyber-Attacks, Security Agency Warns

Multiple Risks To Be Mitigated

The plan, as outlined on MIIT's official website, outlines a multifaceted approach to address various risk scenarios, such as ransomware attacks, unauthorised access through vulnerabilities, illicit operations by personnel, and unmonitored remote maintenance activities. It emphasises the reinforcement of self-examination and corrective measures, coupled with precise management and protective protocols.

Under the directive, more than 45,000 companies operating within China's industrial sector are mandated to undergo protective measures, including conducting emergency drills simulating ransomware attacks. These measures are to encompass at least the top decile of revenue-generating enterprises in each province by the conclusion of 2026. Additionally, the plan aims to facilitate over 30,000 data security training sessions and cultivate a cadre of 5,000 skilled individuals proficient in data security protocols within the stipulated timeframe.

ALSO READ: India Witnessed Highest Number Of Cyberattacks In Asia In 2022

Tightening Ropes

Over the past three years, China has incrementally tightened regulations governing the storage and transmission of user data by domestic companies, citing imperatives of national security. Notable instances include the substantial fine levied against Didi, a prominent Chinese ride-hailing service, amounting to $1.2 billion in July 2022 for breaches in data security protocols.

In December, the Ministry of State Security issued a warning, flagging the exploitation of foreign geographic information software for the clandestine collection of sensitive data, particularly within critical sectors such as the military. Concurrently, MIIT introduced a proposed four-tier classification system to bolster its responsiveness to incidents compromising data security.