1. Business
  2. Politics and policy
July 14, 2021updated 22 Jul 2021 3:42pm

Back behind the Great Firewall as spooked China boosts its data security industry

By Elles Houweling

China’s Ministry of Industry and Information Technology (MIIT) announced a three-year action plan to boost the country’s cybersecurity industry as it grows increasingly worried about the security of its data amid rising geopolitical tensions.

The draft law published on Monday estimates that the cybersecurity industry will be worth more than 250bn yuan ($38.6bn) by 2023, with a compound annual growth rate of over 15%.

The document represents Beijing’s most detailed strategy yet for the development of China’s cybersecurity, mandating that key industries such as telecommunications devote 10% of their IT upgrade budget to cybersecurity within the next three years.

The “Three-year Action Plan for the High-Quality Development of Cybersecurity”, which is currently open for consultation, aims to “significantly improve” China’s network security technology and the industry’s basic capabilities. It also points out that economic and social network security need to be implemented more rapidly.

In order to achieve these goals, the document proposes more public money be invested in cybersecurity and calls for the establishment of a “national cybersecurity industry guidance fund”. It also calls for more investment in research and development and the establishment of science and technology-focused funds. In addition, it points out that more effort needs to be put into training cybersecurity experts.

China’s grip on data security

Over the weekend, the Cyberspace Administration of China (CAC) – the country’s internet regulator – proposed draft rules calling for tech companies with more than one million users to undergo security reviews before listing overseas.

This move comes after Chinese regulators started a probe into the country’s biggest ride-hailing app, Didi Chuxing, a mere two days after its New York Stock Exchange (NYSE) debut. The sudden crackdown resulted in the company losing around $15bn of its market value.

The agency has also ordered two other tech-based companies, the Uber-like trucking startup Full Truck Alliance and Kanzhun, which connects job seekers and hiring enterprises via a mobile app, to suspend user registrations and submit to security reviews, citing risks to “national data security.”  The two companies, like Didi Chuxing, had also recently issued initial public offerings (IPO) on US stock exchanges.

In an effort to better regulate data security, the Guangdong province said on Sunday that it plans to build a big data centre for the Greater Bay Area, which includes Shenzhen, Hong Kong and Macau, to help the “orderly circulation” of data in the region, the South China Morning Post reported.

The provincial government also said that it would look into what it calls a Greater Bay Area “data custom”, which would be responsible for reviewing, evaluating and regulating cross-border data flow.

The scheme is part of a broader plan “to reform market-oriented data allocation as a production factor” as the country becomes increasingly wary of data security and privacy.

Cybersecurity threats have made headlines internationally with recent high-profile attacks like those on Kaseya, SolarWinds, Colonial Pipeline and Fujifilm.

A recent report by the International Institute for Strategic Studies (IISS) found that China’s cyber power still had a long way to go before it could match that of the US. The London-based think tank found that China’s cyber capabilities were being undermined by poor security and weak intelligence analysis.

The push to bolster the cybersecurity sector will most likely only grow, as data leaks have become a top priority on regulators’ radar amid increasing geopolitical tensions.

Recently, Chinese regulators passed similar policies such as the “Data Security Law of the People’s Republic of China”, the “Personal Information Protection Law” and the “Critical Information Infrastructure Security Protection Regulations”.