China Further Strengthens its Cybersecurity Rules and Regulations

July 14, 2021 | 2 minutes read

China has further tightened its cybersecurity by ordering tech experts to report all sorts of weaknesses in computer security, to the government.

Also, since the Communist Party’s control over information has further tightened, tech experts won’t be able to sell that information according to the new rules.

Under the China’s new cybersecurity rules, any experts from the private sector, who find any vulnerabilities in cyberspace, can’t sell the information to companies, spy agencies, or police. Such information has often resulted in the increase of cyber-attacks, much like the one that took place this month by a Russian-linked group that resulted in hundreds of companies in more than 16 nations.

Beijing is taking cybersecurity measures and laws very seriously to tackle the major ongoing cybercrime issue. Moreover, companies are also not allowed to store data regarding Chinese customers outside the country. Companies such as Didi Global Inc, that were lately registered in the U.S stock market debut, have been publicly instructed to strengthen their data security.

Moreover, no one is allowed to sell or publish information on network product security vulnerabilities,” according to the rules set by the Cyberspace Administration of China and the police and industry ministries.  These rules will be implemented starting September.

Previously People’s Liberation Army’s officers have been charged by U.S prosecutors with hacking American companies for information and trade secrets theft.

As for the consultants who find “zero day” weaknesses claim their activities are legit since they serve police or intelligence agencies. Some have been charged for helping groups that spy on activists and governments accused of human right abuses.

For now, there is no proof that private sector researchers like these work in China. However, since the nation has taken measures to ban the activity, there’s a chance that the country considers it as a potential threat.

China has been strengthening its cyber security rules for the past two years now.

Under China’s cybersecurity rules it is also suggested for banks and similar institutions to use only Chinese-made security products as much as possible. Routers and other It products that are bought by international vendors are required to disclose to regulators the working of any encryption features.