China’s Ministry of Industry and Information Technology (MIIT) revealed a strategy on Monday designed to bolster data security within the country’s industrial realm and address “major risks” by the close of 2026.
This initiative unfolds amidst ongoing accusations of cyberattacks and industrial espionage between China and the United States. Last year, Reuters disclosed that Chinese governmental bodies and state-owned enterprises were hastening efforts to substitute Western-made hardware and software with domestic alternatives, partly due to concerns about foreign hacking activities.
The plan, outlined on MIIT’s website, outlines measures to counter various risk scenarios, such as ransomware attacks, vulnerability backdoors, and illicit operations by personnel.
It emphasizes the need for rigorous self-examination, precise management, and protective measures. By the end of 2026, over 45,000 companies in China’s industrial sector, encompassing the top 10% in revenue from each province, must implement protective measures, including conducting emergency drills simulating ransomware attacks.
Furthermore, the plan sets forth objectives to conduct 30,000 data security training sessions and foster 5,000 data security experts within the specified timeframe. Over the past three years, China has intensified regulations governing the storage and transfer of user data by its companies, citing national security concerns.
Notably, in July 2022, regulators imposed a $1.2 billion fine on Chinese ride-hailing giant Didi for data-security violations. Additionally, in December, the Ministry of State Security cautioned against the use of foreign geographic information software for collecting sensitive data in crucial sectors, including the military.
In alignment with these efforts, MIIT proposed a four-tier classification system in December to enhance its responsiveness to data security incidents, reflecting a multifaceted approach to safeguarding critical industries and reinforcing cybersecurity measures nationwide.