China Last Updated: March 2021

CYBERSECURITY POLICY

Strategy Documents

International Strategy of Cooperation on Cyberspace

Ministry of Foreign Affairs and the Cyberspace Administration of China

Identifies four basic principles: Principle of Peace, Principle of Sovereignty, Principle of Shared Governance, and Principle of Shared Benefits;
Discusses strategic goals and a Plan of Action.

Outlines 6 main goals:

1. Safeguard Sovereignty and Security;

2. Develop a System of International Rules;
3. Promote Fair Internet Governance;
4. Protect Legitimate Rights and Interests of Citizens;
5. Promote Cooperation on Digital Economy;
6. Build Platform for Cyber Cultural Exchange.

Source Source 2
1 March 2017

国家网络空间安全战略 (National Cyberspace Security Strategy)

Cyberspace Administration of China (CAC)

First National Cybersecurity Strategy (The Strategy) of China;

The Strategy illustrates and reaffirms China's main positions and propositions on cyberspace development and security;

Identifies four primary principles:

1. Respecting and protecting sovereignty in cyberspace;

2. Peaceful use of cyberspace;
3. Governing cyberspace according to the law;
4. Comprehensively manage cybersecurity and development.

Source Source 2
27 December 2016

中国的军事战略 (China's Military Strategy)

Ministry of National Defense

Outer space and cyber space have become new commanding heights in strategic competition among all parties;
China’s national strategic goal is to complete the building of a moderately prosperous society in all respects by 2021;
The Strategy mentions that China will expedite the development of a cyber force, and enhance its capabilities of cyberspace situation awareness,
cyber defense, support for the country’s endeavors in cyberspace and participation in international cyber cooperation, so as to stem major cyber
crises, ensure national network and information security, and maintain national security and social stability.

Source Source 2
2015

STRUCTURE

National Centre or Responsible Agency

 China Last Updated: March 2021

Cyberspace Administration of China

Central Cyberspace Affairs Commission (CCAC)

Executive arm of the Cyberspace Affairs Leading Group which was transformed into CCAC in 2018.

Source
2014

Key Positions

Head of the Cyberspace Administration of China (CAC)

In charge of cybersecurity and internet policy.

Source Source 2

Dedicated Agencies and Departments

Cyber Security Association of China (CSAC)

Communist Party of China

Government controlled industry association that connects major stakeholders;

Encourage participation in maintenance and safeguarding of network security, promote development, etc.

Source Source 2
25 March 2016

Strategic Support Force (SSF) (战略支援部队)

People's Liberation Army (PLA)

The aim is to safeguard national security;

Constructed from the operational units and organizations from the former general departments, particularly the General Staff Department (GSD),
General Armament Department (GAD), and General Political Department (GPD) units responsible for space, cyber, and electronic warfare.

Source Source 2
1 December 2015

Cyberspace Strategic Intelligence Research Center

General Armaments Department (GAD) of the People's Liberation Army (PLA)

A high-level intelligence platform built on research efforts of an information center of the GAD and the wisdom of the experts in various fields;
Designed to become an authoritative research resource for Internet intelligence, build a highly-efficient cyberspace dynamically-tracking research
system, provide high-end services for hot and major issues, and explore approaches of intelligence analysis as well as identification and appraisal
with cyberspace characteristics.

Source
26 June 2014

Ministry of Industry and Information Technology

The State Council

Main resopnsibilities include:

To determine China’s industrial planning, policies and standards;

 China Last Updated: March 2021

To monitor the daily operation of industrial branches;

To promote the development of major technological equipment and innovation concerning the communication sector;

To guide the construction of information system;

To safeguard China’s information security.

Source
2008

National CERT or CSIRT

National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC)
Non-governmental, officially recognized

CNCERT/CC is a non-governmental non-profit cybersecurity technical center and the key coordination team for China's cybersecurity emergency
response community;
CNCERT/CC leads efforts to prevent, detect, alert, coordinate and handle cybersecurity threats and incidents, in line with the guiding principle of
"proactive prevention, timely detection, prompt response and maximized recovery";
Operates the China National Vulnerability Database (CNVD).

Source Source 2
August 2001

LEGAL FRAMEWORK

Legislation

Cybersecurity Law (中华人民共和国网络安全法)

The National People's Congress

The law states that "the State takes measures to monitor, prevent and handle cybersecurity risks and threats arising both within and without the
mainland territory of the People’s Republic of China. The State protects critical information infrastructure against attacks, intrusions, interference,
and destruction; the State punishes unlawful and criminal cyber activities in accordance with the law, preserving the security and order of
cyberspace."
Legislates various security and data privacy measures;
Requires critical information infrastructure operators that gather or produce personal information or important data during operations within the
mainland territory of the People’s Republic of China to store the data within mainland China.

Source Source 2
1 June 2017 (entry into force)

Counter-Terrorism Law (中华人民共和国反恐怖主义法)

Article 45: As needed for counter-terrorism intelligence information work , and on the basis of national provisions, public security organs, state security
organs and military organs may employ technological investigative measures upon strict formalities for approval.

Source Source 2
27 December 2015
 China Last Updated: March 2021

National Security Law (中华人民共和国国家安全法)

Article 25: The State establishes a national network and information security safeguard system, raising the capacity to protect network and information
security; increasing innovative research, development and use of network and information technologies; to bring about security core techniques and key
infrastructure for networks and information, information systems in important fields, as well as data; increasing network management, preventing,
stopping and lawfully punishing unlawful and criminal activity on networks such as network attacks, network intrustion, cybertheft, and dissemination of
unlawful and harmful information; maintaining cyberspace sovereignty, security and development interests.

Source Source 2
1 July 2015

COOPERATION

UN Processes

Represented at the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context
of International Security

Source
2004, 2009, 2012/2013, 2014/2015, 2016/2017, 2019/2021

Expressed Views at the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context
of International Security

Source Source 2
2019/2020

Bilateral and Multilateral Cooperation

International Cloud Security Conference, host

Cyber Security Association of China
On the development and implementation of the latest infocomm technology in all spheres of human activity, global risks, ways to promote the
development of a safe information structure, plus international cooperation in this area
Source
19-20 December 2017

U.S.-China Law Enforcement and Cybersecurity Dialogue (First)

Ministry of Public Security
Continue implementation on U.S.-China cybersecurity cooperation (reached by Heads of States in 2015)
Source
4 October 2017

Potential cooperation, Tanzania-China

Potential cooperation to control cybercrime.
Source
26 July 2017

Australia-China Cyber Agreement

Central Commission for Political and Legal Affairs
 China Last Updated: March 2021

Neither country would conduct or support cyber-enabled theft of intellectual property, trade secrets or confidential business information with the intent of
obtaining competitive advantage

Source
24 April 2017

China-U.K. High-Level Security Dialogue (Second)

Secretary-General of the Central Commission for Politics and Law
Expanded mechanisms of cyber security agreed upon in first dialogue, including increased cooperation on cyber security related incidents and
emergencies
Source
17 February 2017

Trilateral Cyber Policy Consultation, Japan, China, South Korea (Third)

Coordinator for Cyber Affairs, Ministry of Foreign Affairs
Discuss and exchange views on strategies and policies in the field of cyber affairs, and consult on discussions within regional and international frameworks
and future direction of trilateral cooperation on cyber issues.
Source
10 February 2017

Korea-China Cyber Security Forum (Second)

Ministry of Industry and Information Technology
To discuss ways to strengthen public and private-sector partnerships in cyber security between Korea and China
Source
21 December 2016

U.S.-China High-Level Joint Dialogue on Cybercrime and Related Issues (Third)

Ministry of Public Security

Review the timeliness and quality of responses to requests for information and assistance with respect to cybercrime or other malicious cyber
activities
Enhance pragmatic bilateral cooperation with regard to cybercrime, network protection and other related issues

Source
7 December 2016

China-Japan-Korea CSIRT Annual Meeting for Cybersecurity Incident Response (Fifth)

National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT, CNCERT/CC)
Review of the joint incident handling operations and prevention efforts concerning significant cross-border incidents relating to the three countries
Source
6-7 September 2017

Australia-China Cyber Policy Dialogue (Second)

Coordinator for Cyber Affairs, Ministry of Foreign Affairs

Ddiscussed the full range of issues on the international cyber agenda including the development of norms of responsible state behaviour

Source
3 February 2016

Memorandum of Understanding, China-Laos

Minister of the Cyberspace Administration
 China Last Updated: March 2021

Cyberspace cooperation and development

Source
13 September 2015

U.S.-China Cyber Agreement

Head of State
Agree to cooperate with requests to investigate cybercrimes, collect electronic evidence, and mitigate malicious cyber activity emanating from their
territory
Source
September 2015

Russia-China Cooperation in Ensuring International Information Security (Sino-Russia Cybersecurity Agreement 2015)
Head of State
Cooperation in the field of international information security, including joint solution of tasks, and legal framework for dialogue
Source Source 2
8 May 2015

Membership

International Telecommunications
Union (ITU)

Shanghai Cooperation Organisation

(SCO)

United Nations (UN)