Security News > 2021 > August > China orders annual security reviews for all critical information infrastructure operators
China's government has introduced rules for protection of critical information infrastructure.
An announcement by the Cyberspace Administration of China said that cyber attacks are currently frequent in the Middle Kingdom, and the security challenges facing critical information infrastructure are severe.
The CAC referred to critical infrastructure as "The nerve center of economic and social operations and the top priority of network security".
China's definition of critical information infrastructure can be found in Article 2 of the State Council's "Regulations on the Security Protection of Critical Information Infrastructure" and boils down to any system that could suffer significant damage from a cyber attack, and/or have such an attack damage society at large or even national security.
"The regulations clarify that important network facilities and information systems in key industries and fields belong to critical information infrastructure," wrote the CAC in its announcement, adding that the state was adopting measures to monitor, defend and handle network risks and intrusions, originating domestically and globally.
The regulations themselves are lengthy and detailed, but the theme is that all Chinese enterprises whose operations depend on networks must conduct an annual security reviews, report breaches to government, and establish teams to monitor security constantly.
News URL
Related news
- HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities (source)
- Major security audit of critical FreeBSD components now available (source)
- T-Mobile US 'monitoring' China's 'industry-wide attack' amid fresh security breach fears (source)
- Ivanti Issues Critical Security Updates for CSA and Connect Secure Vulnerabilities (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks (source)
- Critical security hole in Apache Struts under exploit (source)