Today’s society yearns for more convenience, which naturally calls for more connectivity among devices to the Internet. Meanwhile, the need for cybersecurity has also increased.

Experts at the World IoT Security Summit 2018 – organized by TAAS Labs – commended China’s efforts in strengthening its Internet security landscape, but noted there is still huge room for improvement.

Susan Ning, a partner with multinational law firm King & Wood Mallesons, said that while the present situation is not very encouraging, it is not an issue unique to China.

“It’s just that the booming of AI and the Internet of Things that really opens up all the vulnerabilities to hackers. We are talking about hardware, sensors, network at the transmission and application level,” Ning said.

“I think China, in particular, has more weak points. We have to improve our technology, promote a higher standard to comply with. And legally, because I am practicing cybersecurity law, I would focus more on the protection of personal information: starting from [information] collection, storage, transmission, processing or even sharing with third parties.”

In 2017, there were 15,955 hardware and software security vulnerability cases – a record high – of which high-risk incidents took up 35.2 percent.

According to the China National Vulnerability Database, mobile devices and application software accounted for the highest proportion of vulnerability cases.

Dr. Lucas Hui, senior director of Hong Kong Applied Science & Technology Research Institute, is not too perturbed.

“If you look at the news reports, actually there are not many major security incidents involving the Internet in China”, said Hui. “China is doing very well in this and in recent years you can see a lot of new developments here – better than [the situation in] many other countries.” But still, because China is adopting a great deal of new technology, the demand for “cybersecurity professionals, laws, standards and technology” will be much bigger, Hui explained.

Going forward, Hui suggested more training as well as the establishment of international testing and certification standards.

Clients generally receptive to new cybersecurity law

It has been a year since China’s new cybersecurity law came into effect in June 2017.

Ning said her foreign clients are generally receptive to the new law, and referred to this as a good law by “all means.”

“In a way it is strict, but this is something to start with because cybersecurity is now viewed as much as sovereignty level by all jurisdictions. The protection of information security and operation security is really a need and a must,” she said.

While Ning’s firm has seen more attention from multinational companies, the Chinese state-owned ones in the banking, insurance, pharmaceutical and automobile sectors also have high demands for this cybersecurity compliance program, she pointed out.

“Most of the foreign clients we are serving now – from a cybersecurity perspective – are European clients; this may be a push from the General Data Protection Regulation (GDPR) requirement,” Ning said.

“But we do have quite a couple of larger US companies who are acquiring our services [as well], covering both their Chinese cybersecurity law compliance program as well as GDPR, interestingly.”

This article was original published in CGTN.COM.