Security News > 2021 > August > China orders annual security reviews for all critical information infrastructure operators

China's government has introduced rules for protection of critical information infrastructure.

An announcement by the Cyberspace Administration of China said that cyber attacks are currently frequent in the Middle Kingdom, and the security challenges facing critical information infrastructure are severe.

The CAC referred to critical infrastructure as "The nerve center of economic and social operations and the top priority of network security".

China's definition of critical information infrastructure can be found in Article 2 of the State Council's "Regulations on the Security Protection of Critical Information Infrastructure" and boils down to any system that could suffer significant damage from a cyber attack, and/or have such an attack damage society at large or even national security.

"The regulations clarify that important network facilities and information systems in key industries and fields belong to critical information infrastructure," wrote the CAC in its announcement, adding that the state was adopting measures to monitor, defend and handle network risks and intrusions, originating domestically and globally.

The regulations themselves are lengthy and detailed, but the theme is that all Chinese enterprises whose operations depend on networks must conduct an annual security reviews, report breaches to government, and establish teams to monitor security constantly.

News URL

https://go.theregister.com/feed/www.theregister.com/2021/08/18/china_critical_information_infrastructure_rules/