China to Color-Code Security Incidents Based on Severity

IT Ministry Says Classifying Data Security Incidents Will Boost Ability to Respond
West Chang'an Avenue near Tiananmen Square, the office of the Ministry of Industry and Information Technology (Image: Shutterstock)

China's industrial and information technology ministry unveiled plans to classify data security incidents based on severity and the extent of damage to victims. It proposes color-coding incident types to help regulatory agencies respond appropriately to specific events faster.

The ministry proposed using four colors - red, orange, yellow and blue - to classify serious, major, large and general data security incidents, respectively. Public feedback is due by Jan. 15.

A red code, also known as level I, will be assigned if a data security incident causes a large-scale shutdown of work and production and disrupts core network facilities and information systems for more than 24 hours.

Incidents that lead to the hijacking of business radio frequencies for more than 24 hours, cause financial losses exceeding 1 billion yuan or compromise the information of more than 100 million people or the sensitive personal information of more than 10 million people may also force agencies to activate the red code.

An orange code, or level II alert, will apply if a data security incident disrupts core network facilities and information systems and shuts production or disrupts radio transmission for more than 12 hours, the ministry proposed. Data security incidents that cause economic losses of more than 100 million yuan or compromise the information of more than 10 million people or the sensitive personal information of more than 1 million people also will fall under this class.

A yellow code, or level III alert, will apply to data security incidents that disrupt core network facilities and information systems and radio frequencies for more than eight hours, compromise the data of over 1 million people and inflict financial losses of between 50 million yuan and 100 million yuan.

A blue code, or a level IV alert, will apply to minor data security incidents that disrupt production, core information systems or network facilities for less than eight hours, cause financial losses of less than 50 million yuan and compromise the information of no more than 100,000 people.

The Ministry of Industry and Information Technology said the color coding will improve the ability to comprehensively respond to data security incidents, ensure timely and effective control, mitigate and eliminate the harm and losses caused by data security incidents, protect individuals' right to data security and privacy, and safeguard national security and public interest.

Under the proposal, organizations operating in the industrial and information fields will be required to report red and orange incidents to the Ministry of Cyberspace Leading Group and work with local and central regulatory agencies to investigate incidents, assess the impact of incidents and put in place emergency response measures.

Organizations must report yellow and blue incidents to local industry regulatory authorities and coordinate with them to handle incidents, initiate emergency response and incident analysis, and put in place relevant business system application security reinforcement measures to improve data security.

The agency's proposal comes on the heels of the Cyberspace Administration of China a week ago requiring network operators to report major cybersecurity incidents to authorities within one hour of learning about the incidents - and to provide a detailed analysis in the first 24 hours (see: China Proposes 1-Hour Deadline for Reporting Major Incidents).

The government also proposed three tiers of incident classification ranging from significant to very serious, with the most serious category involving incidents that affect "the work and lives" of more than 30% of individuals within a province or disrupt the entirety of information infrastructure for more than six hours.


About the Author

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.



