China releases emergency response plan for cyber security incidents
People’s Daily China reported that the Office of the Central Leading Group for Cyberspace Affairs has released a new emergency response plan for Internet security incidents on June 27. The plan is intended to “improve handling of cybersecurity incidents, prevent and reduce damage, protect the public interest and safeguard national security, public safety and social order."
The plan classifies cybersecurity incidents into six categories, including pernicious procedural incidents, cyber attacks and information security incidents. Four levels of security warnings and response systems are defined according to the seriousness and potential impact of the threat conditions ranging from "general" to "extremely serious."Under the highest, "extremely serious" level, security incidents may "paralyse many important Internet and information systems and halt operations," or "cause loss or falsification of state secrets and important sensitive information, posing great threats to national security and social stability."
These incidents will trigger measures including establishment of emergency headquarters, 24-hour monitoring and multi-department coordination for handling the aftermath of the incident.
The plan states that failure to implement the response measures or concealment of cybersecurity incidents will incur penalties.
The cyber emergency response plan is part of the the implementation of the new Cybersecurity Law adopted last year. The law requires an emergency response mechanism from cyberspace authorities and asks authorities to organise drills and strengthen prevention.
The WannaCry Ransomware attack in May crippled online payment systems at petrol stations across China and affected thousands of educational institutions across the country. The impact was exacerbated by widespread use of pirated software, which cannot be patched with security updates.
Earlier this year, a report released by the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT) on April 19, summarising the Internet Security situation in 2016, highlighted security risks associated with Internet-of-things (IoT) devices and networked industrial systems.
Read the People’s Daily article here.