Member
- Joined
- Oct 14, 2023
- Messages
- 225
- Thread Author
- #1
Red Orange, Yellow… What color will the next attack be?
The Ministry of Industry and Information Technology of the People's Republic of China (MIIT) is developing a data security incident response plan. The document introduces a four-level system for classifying attacks based on the scale of damage caused.
The highest "red" alert level is provided in the event of a leak affecting more than 100 million people or resulting in losses of more than 1 billion yuan. In such cases, companies and local authorities will have to form a round-the-clock response team and report the incident to the ministry within 10 minutes after the problem is detected.
In addition to the "red" level, the plan introduces "orange", "yellow" and "blue". The "orange" level implies from 10 to 100 million victims or damage in the amount of 100 million to 1 billion yuan.
The response plan is designed to increase China's readiness for major attacks, which are growing in number amid escalating geopolitical tensions. For example, last year, attackers claimed to have gained access to the personal data of more than 1 billion citizens stored in the databases of the Shanghai police.
The new document provides for serious penalties for those who do not inform the authorities within the specified time frame.
"If an incident is deemed serious, it should be immediately reported to the local information technology regulatory authority. Concealment of information, false reports, and substitution of facts are not allowed, " the document says.
The plan also specifies what information is considered particularly sensitive. These include information related to national security, electricity and water supply systems, and medical data.
The system proposed by MIIT is currently undergoing public discussion. The Chinese authorities hope that tough measures will reduce vulnerability to attacks and prevent the recurrence of major incidents.
The Ministry of Industry and Information Technology of the People's Republic of China (MIIT) is developing a data security incident response plan. The document introduces a four-level system for classifying attacks based on the scale of damage caused.
The highest "red" alert level is provided in the event of a leak affecting more than 100 million people or resulting in losses of more than 1 billion yuan. In such cases, companies and local authorities will have to form a round-the-clock response team and report the incident to the ministry within 10 minutes after the problem is detected.
In addition to the "red" level, the plan introduces "orange", "yellow" and "blue". The "orange" level implies from 10 to 100 million victims or damage in the amount of 100 million to 1 billion yuan.
The response plan is designed to increase China's readiness for major attacks, which are growing in number amid escalating geopolitical tensions. For example, last year, attackers claimed to have gained access to the personal data of more than 1 billion citizens stored in the databases of the Shanghai police.
The new document provides for serious penalties for those who do not inform the authorities within the specified time frame.
"If an incident is deemed serious, it should be immediately reported to the local information technology regulatory authority. Concealment of information, false reports, and substitution of facts are not allowed, " the document says.
The plan also specifies what information is considered particularly sensitive. These include information related to national security, electricity and water supply systems, and medical data.
The system proposed by MIIT is currently undergoing public discussion. The Chinese authorities hope that tough measures will reduce vulnerability to attacks and prevent the recurrence of major incidents.