China Issues New Measures to Handle Online Security Threats and Attacks
On September 13, 2017, the Ministry of Industry and Information Technology (“MIIT”) issued the Measures of Monitoring and Handling Cyber Security Threat in Public Internet (“Measures”). This article reviews these Measures.
The Measures contains 15 articles and stipulates contents from basic definition, delegation of governmental responsibility, working principle, and so on. More specifically, the cyber security threat in the public network is defined as network resource, bad faith program, hidden security danger or security incident that are existed or broadcasted in the public network and are possible to cause or have caused danger thereto. Such threats include bad faith IP address/domain name/URL/electronic information that are used for cyber attack, bad faith program that is used for cyber attack, hidden security danger existed in network service and products, cyber security incidents that network service and products are illegally invaded or controlled, and other circumstances that threaten the cyber security or exist hidden security danger.
The MIIT will be in charge of organizing the work of monitoring and handling cyber security threat in the public network nationwide, whereas the provincial level departments of the MIIT will be in charge of the relevant work within their respective jurisdiction. Also, the MIIT will establish a platform to co-share cyber security threat information, which will be used to collect, store, analyze, report and publish cyber security threat information; and such platform will be established and maintained by the National Computer Network Emergency Response Technical Team/Coordination Center of China (“CNCERT or CNCERT/CC”).
In addition, it also requires that relevant professional institution, basic telecommunication enterprises, cyber security enterprises, Internet enterprises, domain name registration, management and services institutions and so on shall strengthen its monitoring and handling work for cyber security threat, specify its responsible department, official and contacts. In case a threat is discovered by the relevant institutions mentioned above and it involves other parties, such relevant institutions shall report to the MIIT and its relevant local departments for further handling measurements. In case of failure of taking the advised handling measurements, such relevant institutions may face administrative punishment, such as warning, fining etc, in accordance with the Cyber Security Law.
The Measures will come into effect on January 1, 2018.
ABOUT THE AUTHOR: Fei Dang
Fei Dang is a Senior Associate in the MMLC Group.
Copyright MMLC Group
More information about MMLC Group
Disclaimer: While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer. For specific technical or legal advice on the information provided and related topics, please contact the author.