On 15 March 2022, the National Information Security Standardization Technical Committee (TC 260) issued the Work Focus of National Technical Committee on Information Security of Standardization Administration in 2022 (hereinafter referred to as the Focus). The document aims to contribute to the implementation of relevant laws and regulations, especially the Cybersecurity Law, the Data Security Law, and the Personal Information Protection Law.
The following is a summary of the key tasks to be completed by TC 260 in 2022, as outlined by the Focus:
- Accelerating the standardisation development in the field of Generally, the Focus requires TC 260 to proactively research and formulate cybersecurity standards in a timely manner, supporting national major programmes and initiatives. Specifically, the Focus identifies the following priority areas for standardisation:
  - Data security: protection of important data, risk assessment for data security, service security of data transaction, data processing of governmental affairs, etc.;
  - Personal information protection: pre-installation of apps in smartphones, sensitive personal information processing, supervision agency requirement for large Internet enterprises on personal information protection, etc.;
  - Security protection of critical information infrastructure: security assessment requirements for critical information infrastructure, etc.;
  - Cybersecurity technology (for regulating the industrial development): interconnectivity frameworks for cybersecurity products, cybersecurity service capability, safety of office equipment, IPv6 address coding, etc.
- Carrying out forefront research and establishing the standards In 2022, TC 260 is expected to carry out research and release a number of documents, including:
  - Technical documents, including: comprehensive defense against attacks by commercial monitoring tools, Windows 7 operating system security reinforcement, dynamic authentication of Internet users, etc.;
  - Reports/white papers, including: security issues and risks brought by the application of new technology (i.e. AI and trusted identities in cyberspace);
  - National standard system, including: National Standards System of Cybersecurity (2022 Version), National Standards System of Data Security (2022 Version), National Standards System of Personal Information (2022 Version), and National Standards System of Critical Information Infrastructure Security (2022 Version).
- Promoting cybersecurity standards through innovative forms of activities. According to the Focus, numerous activities will be organised in 2022 to contribute to the promotion of standards. These include the celebration of the 20th Anniversary of National Standards of Cybersecurity, showcasing the achievements realised during the period. In addition, various thematic activities, training courses, talent incubators, knowledge contests, and diversified new media platforms will also act as key channels and measures for interpreting and publicising cybersecurity standards.
- Facilitating the coordinated development of domestic and international standards.
  - International standards development. TC 260 is required to have at least two new work item proposals of international standards approved in advanced computing areas, such as confidential computing; as well as to carry forward at least two proposals of international standards (e.g. big data security and privacy protection, and virtual network security) into the next stage.
  - Reinforce personnel’s expertise in international standardisation. The Focus attaches great importance to recommending a group of experts familiar with international standard rules, and at the same time proficient in network security technologies, to become international standard experts. Also, the Focus highlights the need to reinforce the capacity building of China’s experts in mastering and applying international rules, through activities and practices such as regular technical salons on international standards.
- Strengthening the capacity building of the technical committee. The Focus lists a series of measures to be taken with regard to the requirements on the personnel of secretariat units, committee members, and the working groups. For instance, the secretariat units shall report, on a monthly basis, information on cybersecurity standards, so as to improve the transparency in standards development. This reveals the technical committee’s determination in ensuring and delivering high-quality, high-efficiency and transparent standards.