Feeds

China lays out glorious eight-point infosec masterplan

Aims to protect the people and the nation

SANS - Survey on application security programs

The Chinese government has released sweeping new information security guidelines designed to enable public and private bodies to protect themselves more effectively against new cyber threats.

The State Council’s long list of recommendations spans just about every conceivable aspect of information security, painting a picture of a nation under siege from attackers and increasingly vulnerable thanks to its reliance on the internet.

It points to the need to better secure “energy, transport, finance and other fields of the national economy” as well as government departments.

On the government side, the guidelines include more auditing, security reporting and monitoring and a pledge to “reduce the number of internet connection points” – presumably to isolate highly classified data on specific machines.

The government also acknowledged the risk to industrial control systems, pledging to “strengthen the protection" of nuclear facilities, aerospace, advanced manufacturing, oil and gas pipelines, power systems, and more.

China also wants to “improve the information security certification and accreditation system”, step-up password protection in e-commerce and e-government, promote the use of “e-signatures” in banking and e-commerce and use strong encryption to protect classified information systems.

In addition, the plans include working towards better information sharing and exchange on cyber security matters, improving emergency response teams, and strengthening and promoting the ranks of information security professionals in the country.

Although short on any detail of exactly how all of this is going to be achieved, as a statement of intent it’s pretty comprehensive and with significant financial and human resources to hand, you can be pretty sure China will meet its goals.

However, throwing more technology at the problem may not be the best way for China to go, according to Kenny Lee, a principal consultant with Verizon Business Asia Pacific.

"Companies simply adopting more layers of technology may lead to false sense of security," he told The Reg.

"Many of today’s malware are undetectable due to increased customisation which renders anti-virus tools less effective. For example, on a case Verizon worked on, we identified a backdoor which was only recognised by one out of 40 AV vendors."

The government's proposals are nothing new, but if anything can be seen as a recognition of the importance of evolving information security strategies in key industries to protect national security and economic advantage.

If nothing else, a more secure China should at least reduce the number of unprotected machines which can be co-opted by cyber criminals.

There's no doubt China is an increasing target of attack for other states and cyber criminals.

Stats revealed in March claimed that attacks from outside the country had infected 8.9 million machines in 2011, up from five million a year earlier.®

3 Big data security analytics techniques

More from The Register

next story
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
prev story

Whitepapers

SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.