All-encompassing Chinese security laws signal clampdown

All key network infrastructure and information systems in China are to be made "secure and controllable" according to China's new national security law, which ranges from territorial sovereignty to stricter cyber-security. 

It was enacted yesterday by the standing committee of the National People's Congress (NPC) and will replace the 1993 Counter-espionage Law.

President Xi Jinping, who heads a newly established national security commission, says politics, culture, the military, the economy, technology and the environment are all covered – essentially meaning everything. 

Under the new legislation, the country will "develop entry and exit security, scientific capacity, as well as enhance international cooperation, and safeguard activity and asset security on 'new strategic frontiers'", believed to now include cyber-space, space, the polar regions and the ocean floor.

Xinhua news agency quotes Zheng Shuna, vice chairwoman of the Legislative Affairs Commission of the NPC, as saying the law was necessary because China's national security situation had "become increasingly severe".

The move is seen in part as a response to the Snowden revelations that US agencies planted code in American tech exports to spy on overseas targets. The Asian Times reports that some foreign companies fear technology firms could be required to make products in China or use source code released to inspectors, as had previously been proposed for the finance sector.

China's concerns could potentially also be fuelled by its own knowledge of US spying activity and spies in China gained from the OPM leak – if China was behind that hack.  

According to a New York Times report, the OPM and Anthem breaches both used malicious software electronically signed as safe with a certificate stolen from DTOPTOOLZ Co, a Korean software company, and both sets of hackers employed a rare tool, dubbed Sakula, to take remote control of computers.

While Anthem appeared to be the work of hackers associated with the Chinese army, the second group, dubbed "Deep Panda", appears to be affiliated with the Ministry of State Security, CrowdStrike co-founder Dmitri Alperovitch told NYT. 

It also reported Laura Galante, manager of threat intelligence at FireEye, saying: "We are seeing a group that is only targeting personal information."

The official response from China's Foreign Ministry is: "Chinese law prohibits hacking attacks and other such behaviours which damage internet security... We oppose baseless insinuations against China."