What does it mean?

Internet security in most countries focuses on the protection of private computer networks against hackers and viruses. In China, the government’s Internet security policies have mainly been aimed at controlling the content on certain sites in order to prevent the spread of “harmful information”. However, in recent years the Chinese government has become increasingly concerned with protecting the same things as other countries. Accordingly, both forms of security are covered in the government regulations, which we outline below.

How strong is Internet security in China?

China is one of the world’s ten most vulnerable countries in the face of information-based threats, and the telecommunications and financial industries are the most likely industries to be attacked.

Asia presents the greatest threat to the world in terms of hacking, with South Korea, Taiwan and Hong Kong accounting for 80% of the places where hacks originate. China ranked third in terms of the volume of attacks on its computer networks and ninth as a source of attacks.

Global Internet attacks increased by 81.5% in 2002. Therefore, the threats are still very much out there. Blended threats (i.e. threats which combine the characteristics of viruses, worms, Trojans and malicious code with server and Internet vulnerabilities to initiate, transmit and spread an attack) appear to be the biggest concern, as the number of these doubled in the second half of 2002 compared with the same period in 2001.

Laws currently in place to deal with Internet Security

China has tried to combat these statistics. In 1997, it issued a raft of laws and regulations relating to Internet security which covered the following issues:

  • December 1997 - the prohibition of transmission of viruses. However, these regulations deal more with the control of State secrets and the dissemination of information.

  • 7 October 1999 - the establishment of a new agency called the State Encryption Management Commission (SEMC) to oversee encryption technology.

  • April 2000 - China’s first law on virus prevention. This law prohibits persons from creating viruses, transmitting them intentionally and harming the security of computer information systems. The law goes further and requires all users to check for viruses when uploading or downloading programs and when purchasing or leasing computer equipment.

  • December 2000 - after a series of ‘hack attacks’ in March 2000 on one of China’s major web sites, Sino.com, the Ministry of Information Industry was prompted to make new rules with respect to network and information security management. This led to the law on Internet security in China being further expanded in December 2000 by the Decision of the National People’s Council on maintaining Internet Security.

What has China done to strengthen Internet security since the publication of ISTR?

In February 2003, China joined the UK, Russia and NATO as the first nations to sign up to Microsoft’s Government Security Programme (“GSP”), which gives access to Windows source code and prescriptive guidance on security assurance. This programme will help the Chinese government to establish and maintain more secure computing infrastructures.

China is currently revising its Internet security policies. In mid-March, it set up an information and e-government initiative to discuss this issue. In addition, new regulations are expected to be issued in line with international standards.

Effect on foreign investment and business in China

China’s implementation of Internet security measures and initiatives is positive for China, in that there is better protection against blended threats and disclosure of sensitive information, and will also provide comfort to foreign investors. The vulnerability of the Internet in China has also created a large market for investment in security products.

The Internet will always be vulnerable to attacks, especially as the information age becomes more advanced. China faces a huge challenge in this area. Nevertheless, the constant development of regulations and e-government initiatives to deal with Internet security, particularly with respect to hackers and viruses, as well as China’s participation in Microsoft’s GSP, are a step in the right direction.

[1] Internet Security and Threat Report (“ISTR”), published in February 2003 by Symantec (a well-known provider of Internet security software).