China's MIIT Unveils Data Security Incident Plan to Protect Companies from Cyber Threats

Published: December 15, 2023 at 10:47 am Updated: December 15, 2023 at 10:47 am

Edited and fact-checked:
December 15, 2023 at 10:47 am

In Brief

China’s MIIT released a plan aimed at guiding local governments and companies to effectively handle data security incidents.

China's MIIT Unveils Data Security Incident Plan to Protect Companies from Cyber Threats

China’s Ministry of Industry and Information Technology (MIIT) released a comprehensive classification to guide local governments and companies in handling data security incidents. The plan outlines the procedures entities should follow when assessing and addressing such incidents.

The classification introduces a four-tier, color-coded system based on the extent of harm to national security, a company’s online and information network, or the overall economy.

According to the plan, incidents resulting in losses exceeding $141 million and impacting the personal information of over 100 million people or the “sensitive” information of more than 10 million people will be categorized as “especially grave,” prompting a red warning.

In response to red and orange warnings, the plan mandates that involved companies and relevant local regulatory authorities establish a 24-hour work schedule to address the incident. Furthermore, MIIT must be notified of the data breach within ten minutes of its occurrence, among other specified measures.

The introduction of this new plan underscores Beijing‘s apprehension regarding significant data leaks and cyberattacks occurring within its jurisdiction.

Cybersecurity Challenges Heighten Amid Global Tensions

The introduction of the MIIT contingency plan coincides with heightened geopolitical tensions involving the United States and its allies. This development follows an incident last year where a hacker claimed to have acquired a significant amount of personal information belonging to one billion Chinese individuals from the Shanghai police.

In a recent development, Ukraine’s largest mobile network operator, Kyivstar, experienced hacker attack that temporarily disrupted its cellular and internet services. Simultaneously, the major Ukrainian payment system, Monobank, reported a DDoS attack. Both companies are uncertain about the identity of the attackers.

While Ukrainian state bodies and companies have previously attributed cyber attacks to Russia, currently in conflict with Ukraine, no specific attribution has been made in these recent incidents.

In the dynamic landscape of data-driven technologies, protecting personal information and responding promptly to security incidents are critical imperatives for governments and organizations. The latest announcement from MIIT underscores China’s commitment to safeguarding the population’s sensitive information, signaling a proactive stance against unauthorized access and potential breaches.

Disclaimer

In line with the Trust Project guidelines, please note that the information provided on this page is not intended to be and should not be interpreted as legal, tax, investment, financial, or any other form of advice. It is important to only invest what you can afford to lose and to seek independent financial advice if you have any doubts. For further information, we suggest referring to the terms and conditions as well as the help and support pages provided by the issuer or advertiser. MetaversePost is committed to accurate, unbiased reporting, but market conditions are subject to change without notice.

About The Author

Alisa is a reporter for the Metaverse Post. She focuses on investments, AI, metaverse, and everything related to Web3. Alisa has a degree in Business of Art and expertise in Art & Tech. She has developed her passion for journalism through writing for VCs, notable crypto projects, and engagement with scientific writing.

Alisa Davidson