China enforces stricter response time to cyber breaches

A draft plan adopts a colour-coded system to reflect the degree of harm a cyberattack causes.


China’s Ministry of Industry and Information Technology (MIIT) has developed a draft contingency plan for assessing the intensity of a cyber incident and acting on it accordingly, in response to growing concerns about cyber breaches and data security.

The plan proposes a four-tier classification of data security incidents, adopting a colour-coded system to reflect the degree of harm inflicted upon national security, the economy or a company’s information network.

As per this plan, an incident will be issued a red warning and classified ‘especially grave’ if it involves losses of more than ¥1 billion ($141 million) and affects the personal information of over 100 million people or ‘sensitive’ information of over 10 million people.

For incidents with red or orange warnings, the obligations on the involved companies and relevant authorities include establishing a 24-hour work rota to address the incident and notifying MIIT within ten minutes of the breach, among others.

MIIT has stated, ‘If the incident is judged to be grave… it should be immediately reported to the local industry regulatory department; no late reporting, false reporting, concealment or omission of reporting is allowed.’