What are the new China Cybersecurity Law provisions? And how CISOs should respond

New provisions to the China Cybersecurity Law allow the Chinese government access to enterprise networks operating in the country. Although the security risk that presents is unclear, CISOs can take steps to minimize the impact.

Chinese Cybersecurity Law definition

China’s Cybersecurity Law (CSL), passed in 2016, is broad legislation that dictates how companies should approach security and privacy within the country. It includes strict controls around online activities and provisions around storing data locally, having joint venture partners, and in some cases registering network assets. It also has mandatory requirements around breach notification, appointing a head of cybersecurity, incident response plans, and more.

Additional provisions – known as the Regulations on Internet Security Supervision and Inspection by Public Security Organs – were passed in November 2018 and outline how the country’s main domestic security agency, the Ministry of Public Security (MPS), can conduct both onsite and remote inspection of computer networks, which are generally defined in the CSL as five or more computers connected to the internet.

Onsite inspections require at least two police officers to be present and show both identification and inspection certificates. The MPS may go into business premises, computer rooms and workplaces and “copy information related to internet safety supervision and inspection.”
