Carding
Professional
- Messages
- 2,870
- Reaction score
- 2,511
- Points
- 113
How does China's cybersecurity policy affect international cyber espionage?
In recent years, China has stepped up its cybersecurity efforts, passing a law that requires technology companies to report software vulnerabilities found. However, the Atlantic Council think tank warns that this initiative could have far-reaching implications for global cybersecurity.
A law passed in China last year requires companies and security researchers to report any discovered vulnerabilities to the Ministry of Industry and Information Technology within 48 hours. The data is then integrated into the National Vulnerability Database, officially known as CNCERT/CC.
A double-edged sword
At first glance, it seems that China is simply strengthening its security measures in an effort to protect national information networks. However, as the Atlantic Council points out, uncorrected vulnerabilities can become a powerful tool in the hands of government hackers to conduct cyber espionage operations.
Global Cybersecurity risks
Compliance with new regulatory requirements by technology companies poses risks not only for China, but also for the whole world. In fact, the National Vulnerability Database (NVD) becomes a "gold reserve" of exploitable vulnerabilities that can be used to break into systems and users in different countries.
The researchers found that CNCERT / CC provides access to its data to partners who are most likely engaged in exploiting vulnerabilities rather than fixing them. Among them are the Beijing Bureau of the Ministry of State Security of China, the well-known contractor of the People's Liberation Army of China (PLA) Beijing Topsec and the research center at Shanghai Jiao Tong University.
Dilemma for foreign companies
For foreign companies operating in China, the law creates a difficult dilemma: either comply with the requirements and risk compromise, or leave the Chinese market. Some companies have already decided to comply with the law, despite the risks to global cybersecurity.
The initiative adds to tensions between the US and China, especially given recent incidents of cyber espionage. For example, in July, it was reported that Chinese hackers broke into the email accounts of Commerce Secretary Gina Raimondo and other State Department and Commerce Department officials.
As a result, China's cybersecurity law not only protects but also threatens global security, creating new vectors for cyberattacks and espionage on a global level.
In recent years, China has stepped up its cybersecurity efforts, passing a law that requires technology companies to report software vulnerabilities found. However, the Atlantic Council think tank warns that this initiative could have far-reaching implications for global cybersecurity.
A law passed in China last year requires companies and security researchers to report any discovered vulnerabilities to the Ministry of Industry and Information Technology within 48 hours. The data is then integrated into the National Vulnerability Database, officially known as CNCERT/CC.
A double-edged sword
At first glance, it seems that China is simply strengthening its security measures in an effort to protect national information networks. However, as the Atlantic Council points out, uncorrected vulnerabilities can become a powerful tool in the hands of government hackers to conduct cyber espionage operations.
Global Cybersecurity risks
Compliance with new regulatory requirements by technology companies poses risks not only for China, but also for the whole world. In fact, the National Vulnerability Database (NVD) becomes a "gold reserve" of exploitable vulnerabilities that can be used to break into systems and users in different countries.
The researchers found that CNCERT / CC provides access to its data to partners who are most likely engaged in exploiting vulnerabilities rather than fixing them. Among them are the Beijing Bureau of the Ministry of State Security of China, the well-known contractor of the People's Liberation Army of China (PLA) Beijing Topsec and the research center at Shanghai Jiao Tong University.
Dilemma for foreign companies
For foreign companies operating in China, the law creates a difficult dilemma: either comply with the requirements and risk compromise, or leave the Chinese market. Some companies have already decided to comply with the law, despite the risks to global cybersecurity.
The initiative adds to tensions between the US and China, especially given recent incidents of cyber espionage. For example, in July, it was reported that Chinese hackers broke into the email accounts of Commerce Secretary Gina Raimondo and other State Department and Commerce Department officials.
As a result, China's cybersecurity law not only protects but also threatens global security, creating new vectors for cyberattacks and espionage on a global level.
