Assessing the Effect of China’s Cyber Security Law

Based on the Cybersecurity Law adopted on 2016, Chinese government has come up with a comprehensive Internet security/surveillance program. The surveillance program might create a whole host of challenges. Beijing can utilize the cybersecurity standards to pressure companies to undergo invasive product reviews where sensitive intellectual property (IP) and source code though not explicitly written but may be required as part of verification and testing.

According to Financial Times, when China’s Cyber Security Law took effect in June 2017, it addressed all aspects of cyber security from network systems and facilities to data localization and the protection of critical information infrastructure. Analysts and foreign companies have criticized it as extremely vague and exceptionally wide in scope.

The Cyber Security Law of the People’s Republic of China took effect on June 1st, 2017. Article 37 of the Cybersecurity Law requires personal information and important data collected by operators of critical information infrastructure (CII) to be stored within China’s border, while Article 41 states that network operators are required to gather and store personal information in accordance with the law, administrative regulations and their agreements with users.

Overseas firms have demanded for more clarity and more time to implement the controls that the government wants put in place, but so far China’s internet regulator, The Cyberspace Administration of China, has only relented on pushing back the date for laws relating to the cross-border flow of information. A company that is not registered in China but that conducts business in or provides products or services to China must also be deemed as conducting “operations within the territory of China” and is covered by these regulations.

The new foreign investment law encourages overseas companies to enter China, but rigid cyber surveillance regulations force them to not just partner with local companies but to sometimes share technology, a practice that critics say amounts to a forced transfer of crucial know-how to eventual competitors. For multinational corporations, the proposed rules mean they would now be liable for an additional level of government assessment for information on the likes of local employees and suppliers before sending it to a global database. Also, the rules would create much greater uncertainty for overseas operators which collect data for companies with cross-border business.

China, in other words, appears to be floating the first competitive alternative to the open internet—a model that it is steadily proliferating around the world. China views the internet as a threat to its domestic security that must be controlled within its borders whether because of its potential for domestic coalition-building or its ability to give populations access to censored information. Heavy content censorship, pervasive surveillance, and traffic throttling are all the part of this approach.

Foreign companies in China are being subjected to cyber-security probes as the government tightens controls over areas such as cloud computing, the Financial Times reported. Developments to the Multi-Level Protection Scheme (MLPS), which upholds the cyber law in China, are expected to intensify the monitoring of tech industries, including mobile internet, IoT manufacturing, cloud usage, data and security.

Share with friends:

The Growing Threat of Chinese Cyber Intrusion

Chinese cyber activity in the United States had risen in recent months, targeting critical infrastructure in what may be attempts to lay the groundwork for future disruptive attacks. In 2015, then-US President Barack Obama and Chinese President Xi Jinping agreed that neither government would endorse or engage in state-sponsored cyber-espionage to steal info from the other. But the recent report is suggesting that China is gathering information and intelligence for its Made in China 2025 plan that will make the country a global leader in manufacturing.

Trade Embargo With the USA Accelerating Chinese Cyber Intrusion-

The ongoing tariff war and the deteriorated political relationship between the US and China have encouraged Chinese hackers to turn up the heat on the US companies. Dubious Chinese firms are also taking unfair means of stealing IP and tech secrets from the US companies. Amid increasing tensions between the US and China, fuelled by Mr Trump’s threat of trade tariffs, the volume of attacks has returned to previous levels.

The US Government’s Report-

American officials say China’s relentless effort to steal American business secrets is part of what they describe as Beijing’s drive to leapfrog the United States as the world’s preeminent economic and military power. U.S. officials say China’s targets include the fields of aerospace, biotechnology, telecommunications, medical equipment and oil and gas exploration. Those match the business sectors tabbed for strategic development in China’s official government policy called “Made in China 2025.”

According to the documents of the Worldwide Threat Assessment of the US Intelligence Community, “China remains the most active strategic competitor responsible for cyber espionage against the US government, corporations, and allies.” The UK and US believe China is breaking a 2015 agreement not to steal commercial data to help its companies. There was a dip in activity after the deal was signed (which followed a period of pressure by Washington, including the indictment of Chinese military hackers and the threat of sanctions). “China has the ability to launch cyber attacks that cause localized, temporary disruptive effects on critical infrastructure — such as disruption of a natural gas pipeline for days to weeks — in the United States,” the US Intelligence Community document warned.

Real Intention of Chinese Cyber Attack-

Chinese government’s views on cyber warfare are consistent with its military strategy, which is modified according to the national security environment, domestic situation, and activities of foreign militaries. When taken together, though, the information would have amounted to a valuable snapshot of US cutting edge underwater weapons development, plus details on a number of related digital and mechanical systems.

China’s Cyber Security Law (CSL), which came into effect on 1 June 2017, is the apex of a host of regulations aimed at creating a separate and heavily controlled sovereign Chinese cyberspace. Businesses are a key target of this regime.

Share with friends: