"From November 1, the Cyberspace Administration of China (CAC) will enforce its new National Cybersecurity Incident Reporting Management Measures, a sweeping set of rules that tighten how quickly incidents must be disclosed. The rules apply to a broad category of "network operators," which in China effectively means anyone who owns, manages, or provides network services, and mandate that serious incidents be reported to the relevant authorities within 60 minutes - or in the case of "particularly major" events, 30 minutes."
"The regulations set out a four-tier system for classifying cyber incidents, but reserve their most challenging demands for the highest "particularly major" tier. An incident that falls within this category includes the loss or theft of core or sensitive data that threatens national security or social stability, a leak of more than 100 million citizens' personal records, or outages that take key government or news websites offline for more than 24 hours."
"Operators must file their initial report with a laundry list of details: what systems were hit, the timeline of the attack, the type of incident, what damage was done, what steps were taken to contain it, the preliminary cause, vulnerabilities exploited, and even ransom amounts if a shakedown was involved."
New rules effective November 1 require Chinese network operators to report serious cybersecurity incidents rapidly: within 60 minutes for serious events and within 30 minutes for particularly major incidents. The Cyberspace Administration of China (CAC) applies the measures to anyone who owns, manages, or provides network services and establishes a four-tier classification system. The highest tier covers incidents that threaten national security, involve loss of core data, leaks exceeding 100 million personal records, prolonged outages of key sites, or direct economic losses above ¥100 million. Initial reports must list affected systems, timelines, damages, containment steps, causes, exploited vulnerabilities, and ransom amounts where applicable.
#china-cybersecurity #incident-reporting #data-breach-thresholds #cyberspace-administration-of-china
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]