Monday, April 8, 2019

From Those Wonderful Folks Who Brought You APT - Manditory Free Pen-Testing

New provisions made to China's Cybersecurity Law gives state agencies the legal authority to remotely conduct penetration testing on any internet-related business operating in China, and even copy and later share any data government officials find on inspected systems...

These new provisions, named "Regulations on Internet Security Supervision and Inspection by Public Security Organs" give the MSP the following new powers:
  • Conduct in-person or remote inspections of the network security defenses taken by companies operating in China.
  • Check for "prohibited content" banned inside China's border.
  • Log security response plans during on-site inspections.
  • Copy any user information found on inspected systems during on-site or remote inspections.
  • Perform penetration tests to check for vulnerabilities.
  • Perform remote inspections without informing companies.
  • Share any collected data with other state agencies.
  • The right to have two members of the People's Armed Police (PAP) present during on-site inspection to enforce procedures. more