Friday, February 26, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

China’s cybersecurity law update lets state agencies ‘pen-test’ local companies

February 9, 2019
in Internet Security
China’s cybersecurity law update lets state agencies ‘pen-test’ local companies
586
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

New provisions made to China’s Cybersecurity Law last November gives state agencies the legal authority to remotely conduct penetration testing on any internet-related business operating in China, and even copy and later share any data government officials find on inspected systems.

Any company that provides an internet-related service with more than five internet-connected computers is susceptible to these inspections.

You might also like

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021

Facebook bans Myanmar military-controlled accounts from its platforms

Cloud, data amongst APAC digital skills most needed

The Chinese government agency tasked with carrying out these penetration tests is the Ministry of Public Security (MPS), the same agency which also maintains China’s Great Firewall and its nationwide facial recognition system and surveillance cameras network.

MSP officials received these new powers on November 1, 2018, in the form of new provisions to China’s Cybersecurity Law, first adopted in 2017.

These new provisions, named “Regulations on Internet Security Supervision and Inspection by Public Security Organs” (公安机关互联网安全监督检查规定) give the MSP the following new powers:

  • Conduct in-person or remote inspections of the network security defenses taken by companies operating in China.
  • Check for “prohibited content” banned inside China’s border.
  • Log security response plans during on-site inspections.
  • Copy any user information found on inspected systems during on-site or remote inspections.
  • Perform penetration tests to check for vulnerabilities.
  • Perform remote inspections without informing companies.
  • Share any collected data with other state agencies.
  • The right to have two members of the People’s Armed Police (PAP) present during on-site inspection to enforce procedures.

The new provisions bolster an already intrusive Cybersecurity Law adopted in 2017, which gave Chinese authorities the right to analyze the source code of technologies used by foreign companies in China, all under the guise of identifying vulnerabilities during “national security reviews” to ensure national security.

Back then, US-based threat intel firm Recorded Future sounded the alarm that the law could be abused by Chinese state agencies to identify zero-days and vulnerabilities in the source code of western technologies that usually would have been closed to the eyes of Chinese authorities and its state-sponsored hackers.

Now, Recorded Future experts are raising the alarm on the new provisions as well, citing their broad scope and vague language.

Experts fear that the new provisions will help the Chinese state mask its data collection practices. The worst part is that companies face the risk of not even knowing that an intrusion from Chinese authorities happened.

Recorded Future says the new law doesn’t force the MPS to notify companies when it performs a remote inspection or penetration test, nor does it force it to share a report of its findings and what data it collected with the “inspected” companies.

This means that MPS agents could find a vulnerability in “inspected” companies, gather the company’s data, and later share it with other agencies, and it would all be perfectly legal under Chinese laws.

Further, the new law provisions are also very vague, not specifying which data MPS officials are entitled to copy –data of Chinese citizens only, or all of a company’s users, including foreigners.

Inspections can be carried out at any time, with no prior notice, and for something as simple as checking if companies are storing “illegal content” on their servers, content that Chinese authorities have censored inside the country and may wish to force or intimidate local or foreign firms into also banning.

“Almost all foreign businesses will be subject to in-person facility searches, copying of company user data, invasive checking for ‘illegally published materials,’ and remote inspection of company networks,” said Recorded Future experts in a report analyzing the new cybersecurity provisions today.

“Customers, data, and systems in territorial China are not only at risk of having their data held by the Chinese government, but also are at increased risk for third-party data breaches and Chinese government surveillance,” they said.

Related coverage:

Credit: Source link

Previous Post

Singapore's Model Framework on Ethical Use of AI a "Living Document"

Next Post

Will The Harmonic Convergence Of HPC And AI Last?

Related Posts

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021

February 26, 2021
Facebook bans Myanmar military-controlled accounts from its platforms
Internet Security

Facebook bans Myanmar military-controlled accounts from its platforms

February 25, 2021
Cloud, data amongst APAC digital skills most needed
Internet Security

Cloud, data amongst APAC digital skills most needed

February 25, 2021
Ukraine reports cyber-attack on government document management system
Internet Security

Ukraine reports cyber-attack on government document management system

February 25, 2021
More than 6,700 VMware servers exposed online and vulnerable to major new bug
Internet Security

More than 6,700 VMware servers exposed online and vulnerable to major new bug

February 25, 2021
Next Post
Will The Harmonic Convergence Of HPC And AI Last?

Will The Harmonic Convergence Of HPC And AI Last?

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Asimov’s Three Laws Of Robotics And AI Autonomous Cars 
Artificial Intelligence

Asimov’s Three Laws Of Robotics And AI Autonomous Cars 

February 26, 2021
Something’s Fishy — New Funding To Tackle Illegal Activities At Sea Using Machine Learning And Data Analytics
Machine Learning

Something’s Fishy — New Funding To Tackle Illegal Activities At Sea Using Machine Learning And Data Analytics

February 26, 2021
Role of Image Annotation in Applying Machine Learning for Precision Agriculture | by ANOLYTICS
Neural Networks

Role of Image Annotation in Applying Machine Learning for Precision Agriculture | by ANOLYTICS

February 26, 2021
60+ free martech sessions. The agenda is live!
Digital Marketing

60+ free martech sessions. The agenda is live!

February 26, 2021
SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021
Internet Security

SolarWinds cybersecurity spending tops $3 million in Q4, sees $20 million to $25 million in 2021

February 26, 2021
Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations
Internet Privacy

Chinese Hackers Using Firefox Extension to Spy On Tibetan Organizations

February 25, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Asimov’s Three Laws Of Robotics And AI Autonomous Cars  February 26, 2021
  • Something’s Fishy — New Funding To Tackle Illegal Activities At Sea Using Machine Learning And Data Analytics February 26, 2021
  • Role of Image Annotation in Applying Machine Learning for Precision Agriculture | by ANOLYTICS February 26, 2021
  • 60+ free martech sessions. The agenda is live! February 26, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates