China’s top internet regulator has announced new rules for speedy reporting of cybersecurity breaches and major incidents involving critical information infrastructure.
According to the new draft regulation announced by the Cyberspace Administration of China, network operators must report “particularly serious” cybersecurity incidents within one hour to relevant authorities.
The measures are due to come into effect on November 1.
This comes less than a week after Chinese cyber authorities fined fashion giant Dior’s Shanghai subsidiary for failing to comply with security requirements when transferring data overseas.
The “national cybersecurity incident reporting management” measures include an incident classification guide with detailed definitions of the various degrees of seriousness and how to respond.
“Particularly serious” cybersecurity incidents – the highest of four categories – are defined as involving the portals of provincial or higher officials and government agencies, as well as key national news websites, for prolonged periods.
These are stipulated as interruptions that are likely to last more than 24 hours because of attacks or failures – six hours in the case of the entire critical information infrastructure – or if the service’s main functions could be out of action for more than 24 hours.
Incidents that disrupt more than 50 per cent of a province’s population or the daily life needs of more than 10 million people, including utilities and grocery supplies, transport and medical care are also included in the top category.
See What’s Next in Tech With the Fast Forward Newsletter
Tweets From @varindiamag
Nothing to see here - yet
When they Tweet, their Tweets will show up here.
