China is Boosting its Cyber Defenses in Fear of Cyberattacks and Espionage
This post is also available in: 
עברית (Hebrew)
China reportedly intends to improve the data security of its industrial sector in order to effectively contain any “major risks,” a process that is expected to be completed by the end of 2026.
This plan was revealed by the country’s Ministry of Industry and Information Technology (MIIT) last Monday. This plan comes at a time when both China and the US are frequently accusing the other country of cyberattacks and industrial espionage.
Last year, Reuters reported that Chinese government entities and state-owned companies were accelerating their efforts to replace all of the Western-made hardware and software with domestically produced alternatives. One of the reasons for this initiative was the fear of hacking from foreign adversaries.
The plan, as published on MIIT’s website, says as follows: “In response to frequent risk scenarios such as ransomware attacks, vulnerability backdoors, illegal operations by personnel, and uncontrolled remote operation and maintenance, we will strengthen risk self-examination and self-correction, and adopt precise management and protective measures.”
Such protective measures include emergency drills that simulate possible ransomware attacks and reportedly must be applied to over 45,000 companies in China’s industrial sector by the end of 2026, which would cover at least the top 10% when it comes to revenue in every Chinese province. This initiative also means to complete 30,000 data security training sessions and cultivate 5,000 data security “talents”.
According to Cybernews, China has tightened its regulation over how Chinese companies store and transfer user data in the past three years, claiming it is due to national security concerns.
Two occurrences from December of 2023 include a warning by the Ministry of State Security that foreign geographic information software was being used to collect sensitive data in key sectors (including the military), and a proposal by MIIT for a four-tier classification system to help it respond to data security incidents.
