Under new provisions to China’s 2017 National Cybersecurity Law (CSL), entitled “Regulations on Internet Security Supervision and Inspection by Public Security Organs,” Chinese authorities can remotely conduct penetration tests on the systems and networks of any Internet-related business with at least five internet-connected computers, operating in China .
International organizations in all sectors operating in China, including academia, healthcare, finance, energy, consulting, and critical manufacturing, should consider the impact that this new level of access has on the security of their data and react accordingly. This may require measures which call for network segmentation or closing Chinese offices and facilities.
In this publication, entitled “Did China Just Legalize Espionage?: Recent Provisions to Chinese Law Increases Risk to Multinational Organizations Operating in China,” ICIT offers a summary of this new provision, discusses how it may be exploited, and the risk it poses to organizations.