China to enter stealth mode to protect key industries

Beijing — China’s ministry of industry and information technology (MIIT) unveiled a plan on February 26 that aims to improve data security in China’s industrial sector and effectively contain “major risks” by the end of 2026.

The plan comes at a time when China and the US both frequently accuse each other of cyberattacks and industrial espionage.

Reuters reported in 2023 that Chinese government entities and state-owned enterprises were accelerating efforts to replace Western-made hardware and software with domestic alternatives, partly due to fears of hacking from foreign adversaries.

“In response to frequent risk scenarios such as ransomware attacks, vulnerability backdoors, illegal operations by personnel, and uncontrolled remote operation and maintenance, we will strengthen risk self-examination and self-correction, and adopt precise management and protective measures,” according to the plan, published on the Chinese ministry’s website.

Protective measures, including emergency drills simulating ransomware attacks, must be applied to more than 45,000 companies in China’s industrial sector by 2026 year-end, covering at least the top 10% in terms of revenue in every Chinese province.

The plan also aims to complete 30,000 data security training sessions and cultivate 5,000 data security “talents” within the same timeframe.

China has since 2021 tightened regulation over how its companies store and transfer user data, citing national security concerns. Regulators fined Chinese ride-hailing giant Didi $1.2bn in July 2022 over data-security breaches.

The ministry of state security warned in December 2023 that foreign geographic information software was being used to collect sensitive data in key sectors including its military.

In the same month, MIIT proposed a four-tier classification system to help it respond to data security incidents.

Reuters