Feeds

China lays out glorious eight-point infosec masterplan

Aims to protect the people and the nation

5 things you didn’t know about cloud backup

The Chinese government has released sweeping new information security guidelines designed to enable public and private bodies to protect themselves more effectively against new cyber threats.

The State Council’s long list of recommendations spans just about every conceivable aspect of information security, painting a picture of a nation under siege from attackers and increasingly vulnerable thanks to its reliance on the internet.

It points to the need to better secure “energy, transport, finance and other fields of the national economy” as well as government departments.

On the government side, the guidelines include more auditing, security reporting and monitoring and a pledge to “reduce the number of internet connection points” – presumably to isolate highly classified data on specific machines.

The government also acknowledged the risk to industrial control systems, pledging to “strengthen the protection" of nuclear facilities, aerospace, advanced manufacturing, oil and gas pipelines, power systems, and more.

China also wants to “improve the information security certification and accreditation system”, step-up password protection in e-commerce and e-government, promote the use of “e-signatures” in banking and e-commerce and use strong encryption to protect classified information systems.

In addition, the plans include working towards better information sharing and exchange on cyber security matters, improving emergency response teams, and strengthening and promoting the ranks of information security professionals in the country.

Although short on any detail of exactly how all of this is going to be achieved, as a statement of intent it’s pretty comprehensive and with significant financial and human resources to hand, you can be pretty sure China will meet its goals.

However, throwing more technology at the problem may not be the best way for China to go, according to Kenny Lee, a principal consultant with Verizon Business Asia Pacific.

"Companies simply adopting more layers of technology may lead to false sense of security," he told The Reg.

"Many of today’s malware are undetectable due to increased customisation which renders anti-virus tools less effective. For example, on a case Verizon worked on, we identified a backdoor which was only recognised by one out of 40 AV vendors."

The government's proposals are nothing new, but if anything can be seen as a recognition of the importance of evolving information security strategies in key industries to protect national security and economic advantage.

If nothing else, a more secure China should at least reduce the number of unprotected machines which can be co-opted by cyber criminals.

There's no doubt China is an increasing target of attack for other states and cyber criminals.

Stats revealed in March claimed that attacks from outside the country had infected 8.9 million machines in 2011, up from five million a year earlier.®

Build a business case: developing custom apps

More from The Register

next story
Hello, police, El Reg here. Are we a bunch of terrorists now?
Do Brits risk arrest for watching beheading video nasty? We asked the fuzz
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
NBN Co claims 96 mbps download speeds for FTTN trial
Umina trial also delivers 30 mbps uploads, but exact rig used not revealed
True fact: 1 in 4 Brits are now TERRORISTS
YouGov poll reveals terrible truth about the enemy within
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
Felony charges? Harsh! Alleged Anon hackers plead guilty to misdemeanours
US judge questions harsh sentence sought by prosecutors
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
7 Elements of Radically Simple OS Migration
Avoid the typical headaches of OS migration during your next project by learning about 7 elements of radically simple OS migration.
BYOD's dark side: Data protection
An endpoint data protection solution that adds value to the user and the organization so it can protect itself from data loss as well as leverage corporate data.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?