China’s cybersecurity law update lets state agencies ‘pen-test’ local companies
Recorded Future experts are worried about recent changes to China’s Cybersecurity Law, as these enable government agencies to carry out penetration tests on internet-related companies in China and to copy data discovered during the investigations. Security experts believe that the legal provisions mainly aim to give the Chinese government access to data from local companies.
Under the law, the Ministry of Public Security (MPS) that is in charge of carrying out the investigations, does not even need to inform the companies that are subject to “pentesting”. When the legal changes were adopted in November of last year, experts with Recorded Future already expressed concerns that the law could also be used by the Chinese government to find known and unknown software flaws affecting western technologies.