Newly revised Cyber Security Review Measures add to Cyber security

2022-05-18 0 By

On February 15, the Internet Security Examination Measures (hereinafter referred to as the Measures) jointly revised and released by the Cyberspace Administration of China and 13 other departments went into effect.”The revision focuses on maintaining data security, requiring operators of online platforms with more than one million users’ personal information to report for network security review when they go public overseas. It adds many highlights by way of ‘addition’.”Lei Zhenwen, a researcher at the Institute of Industrial and Information Rule of Law at Beihang University, said in an interview.The continuous improvement of Internet products and services rooted in practice not only brings great convenience to daily life, but also brings security loopholes, data leakage and other network security threats.”2020 China Internet network security report” pointed out that in recent years, network products and services supply chain security situation more and more serious, for critical information infrastructure information theft, attack damage, and other malicious activities continue to grow, according to data of network attack and abuse problem is increasingly serious, data security risks in the future will be more prominent.”Cyber security review is an important legal system in the field of cyber security.”The national Cyberspace Administration of China (CAC) said in introducing the background of the revision of the Measures that on September 1, 2021, the Data Security Law was officially implemented, which clearly stipulates that the state establishes a data security review system, and the revised Measures are mainly aimed at further guaranteeing network security and data security and safeguarding national security.In Lei zhenwen’s view, the second revision of the Measures can be understood from two aspects: first, the need to cope with the new situation and challenges of cyber security, the increasingly fierce game in cyberspace among many countries, and the gradual integration of cyber confrontation with commercial and financial competition, which has brought many new problems to China’s cyber security maintenance;Second, the revision of the original Measures can provide further basis for the implementation of the relevant norms of the Data Security Law.”This revision to maintain data security as the center, to do the ‘addition’ way, added many highlights.”Lei zhenwen believes that expanding the scope of application of network security review is the primary highlight of the revision.The measures include online platform operators whose data processing activities affect or may affect national security in the scope of cyber security review, and explicitly require online platform operators with personal information of more than one million users to report for cyber security review when they go public abroad.”As social digital infrastructure, online platforms tend to gather massive amounts of data, and their data processing behavior may have a direct impact on national security and social public interests.”Lei zhenwen explained that the measures’ safety review of network platform operators mainly focuses on two aspects: the first is the review of platform operators’ data processing activities, and the second is the safety review of specific network platform operators going public abroad.”In addition, the measures also expand the membership of the review working mechanism and the key assessment of national security risk factors.”Lei zhenwen introduced that the Measures added the China Securities Regulatory Commission as a member of the national cybersecurity review working mechanism, and added national security risk factors in the key assessment of cybersecurity review.”The Measures have also made necessary adjustments to some norms related to review procedures. First, the period of special review procedures has been extended from 45 working days to 90 working days;The second is to add provisions on the obligations of the parties during the period of review.”Lei zhenwen stressed that this has a very positive significance for further giving play to the actual function of the network security review system and effectively preventing and controlling network security risks.”The implementation of network security review, strengthen risk identification and control, is currently the world’s major countries to guard against network security risks.”Lei zhenwen said that the revision of the measures for further solid “fence”, effectively respond to the digital society, platform economy in the development of all kinds of new network security risks, to effectively safeguard China’s national network sovereignty and security has positive practical significance.In the first half of 2021, 49,605 cyber security incidents were reported to the Cyber security Threat and Vulnerability Information sharing platform of the Ministry of Industry and Information Technology, according to the 48th Statistical Report on China’s Internet Development.”Cyber security review focuses on the identification and prevention of cyber risks. It is an important part of national security review.Network platform operators are an important body of responsibility for maintaining network security and national security.”Lei zhenwen said to ensure data security and network security, to nip in the bud.LeiZhenWen Suggestions about it, network platform operators to resolve network security risks, risks of national security, should pay attention to the following three aspects: first, should improve safety consciousness, consciousness of rule of law, especially should correctly understand and handle the maintenance network security and promote the development of the relationship between stick to safe development concept, build up the foundation of network security;Secondly, should constantly enhance the management and assessment of their own operation security, actively contrast the “Network security Law” and “data security Law” relevant provisions and “measures” article 10 listed security risk factors, do a good job of security risk prediction and assessment, management work;Finally, actively declare and cooperate with network security review, all the parties in line with the examination conditions stipulated in the Measures should have the obligation to take the initiative to declare and cooperate with the examination office to do a good job of security review.Synthesis: xinxin China, People’s Daily online – Power Forum review: Wang Shaoyun edit: Wang An Material collation: Xu Xiaowei, Chen Zhuo