The Ministry of Industry and Information Technology published the Measures for Monitoring and Handling Cybersecurity Threats in Public Networks (“Measures”) on 13 September 2017. The Measures are formulated in accordance with the PRC Cybersecurity Law and require network operators and online service providers to report cybersecurity incidents and threats to the government authorities.
Cybersecurity threats mainly include the threat of malicious IP addresses, domain names, URLs, emails, and programs which attach to networks; the threat of hidden security loopholes or risks such as hardware vulnerabilities and backdoors; and the risk of illegal invasions to network products and services. Professional institutions, basic telecom service operators, cybersecurity enterprises, internet enterprises and domain name administrators are required to monitor cybersecurity threats during their daily operation and report threats to MIIT and its designated institutions via an online information sharing platform. However, the scope of the enterprises subject to such reporting obligations and the reporting mechanisms have not been defined clearly in the Measures.
Please click here to read the full text (Chinese only) of the Measures.