The policies enforcement trend in China eager to enhance existing cyber security and governance in China. Perhaps our focus of this discussion pure on IT operation and information security and therefore any other background we are not going to surmise.
Censorship People’s Republic of China on behalf of Legal basis and regulations
As usual, different country maintain their regulations and view point in order to enhance their governance in their country. It looks that there is no way to refuse since you are entitle to enjoys the social benefits of their country includes environment and culture. And therefore a obligation to the individual able to follow the Law and regulations.
An official announcement of new regulations bring misgiving to business industries especially technology units.
Since cryptographic techniques implement to all business industries nowadays especially banking financial, publisher, pharmaceutical and manufacturing. In order to fulfill their company costs saving plan, The IPsec site-to-site VPN tunnel deployment is in high demand. Since it is easy to setup once Firewall and Internet are ready in your company. However this method not compliance to China regulation so far. Perhaps last few years China government not proactive enforce the regulation. And such away lets the world believe that this is the appropriate data communications method for cross border environment solution in China.
Internet Security Law of the People ‘s Republic of China let foreign country IT department in hover !
The new cyber security law has been ennounced on 1st June 2017. The Article 5 looks with powerful privileges which causes solicitor, data privacy expert headache! Let take a closer look of Article 5 (see below)
Article 5 The state shall take measures to monitor, defend against and deal with cybersecurity risks and threats from both inside and outside the territory of the People’s Republic of China, protect critical information infrastructure from attack, intrusion, interference and damage, punish illegal criminal activities on the network in accordance with the law, and maintain cyberspace security and order.
Techincal view point: In the sense that even though your web hosting not located in Greater China area once there is one endpoint located in Greater China the computer owner require to follow the new law.
What’s the status today?
Since popular personal VPN client services provider was all blocked. The government objective is avoid a Chinese language term (翻牆). The English language term that is pass through firewall wall. As of today whatsapp messenger is not able to use in China. The expertise speculated that a major communist party gathering next month and therefore China government now tighten the censorship activities. it looks that the speculation make sense! The next action is to block internet unauthorized VPNs from 2018.
Let’s review the implementation time table
Hints! Provide short cut information to CIO, CTO and CISO
As of today, there are total three communication vendor are authorizes to run the internet private circuit in China (see below). The definition of internet private circuit is MPLS instead of IPSec VPN.
- China telecom
- China Unicom
- China Mobile
For data encryption product, there is no solid guideline since the approved product list looks not shown up yet.
Since China has launched 14-month nationwide campaign against unauthorized internet connection includes VPN services (IPSec site-to-site and VPN client) to bypass the China country firewall (Great Firewall). The “cleanup” activities will be end until March 2018. As such, it is hard to drawn into summary at the moment.