What China's cybersecurity plan aims to achieve

A draft plan for the cybersecurity sector released by China last week has renewed the debate over responsible growth of emerging technologies. As part of the country's efforts to ensure security in the handling of the burgeoning data by businesses, the three-year roadmap is a step in the right direction.

While attempting to push China's cybersecurity industry to 250 billion yuan ($38.6 billion) by 2023, the plan announced by the Ministry of Industry and Information Technology focuses on strengthening research and application of data security technologies and encourages enterprises to increase investment in cybersecurity.

A look at the plan's salient points reveals a well thought out strategy of establishing a regulatory mechanism for an industry that is becoming increasingly important with every aspect of daily life shifting online. As most of the world's data has been generated only in the past few decades, securing this modern commodity is essential for any country that wishes to maintain sovereignty over it.

That is why the foremost aim of the newly drafted cybersecurity plan is to strengthen data protection. This is all the more important since the line between real and digital economies is blurring and businesses are shifting user and operational data to cloud storage to increase efficiency and expand services.

Data breaches in this unprecedented era of commerce can be devastating for individuals, businesses and, in the long-term, for economies that have become highly digitized. The emergence of platform economy – where online platforms facilitate economic and social activity – has presented additional challenges to users, businesses, and governments.

Cybersecurity is a matter of lifeline for the platforms around which economic and financial activity revolves. It provides them a sustainable pace of growth which cannot be guaranteed if they repeatedly fall prey to cyber attacks, breaches, and downtimes. Stable growth of the platform economy is, therefore, an understandable goal of the draft plan.

Businesses that are heavily reliant on data will have to, as per the plan, manage data intelligently and strive for breakthroughs in core cybersecurity technologies. A promising technology already being employed by several companies in China is the Privacy-Preservation Computation. PPC holds the potential of addressing users' privacy and security concerns as it allows analysis of data without identifying which specific individuals it belongs to.

Likewise, the number of privacy calculation patents has also been rising rapidly in China, according to the National Industrial Information Security Development Research Center. Most of these patents, encouragingly, have been applied by large enterprises that rely extensively on data.

Integration of such emerging technologies with cybersecurity will be another achievement of the cybersecurity plan. Anti-virus software, firewalls, and other similar technologies are gradually becoming outdated in the face of targeted attacks. The emphasis should thus be on making data inherently immune by building a resilient networking architecture. Some companies are even exploring concepts like algorithmic defense and artificial intelligence for the protection of data.

Since digitization will soon be ubiquitous, cybersecurity will be the most in-demand field of technology. From an investment point of view, this is the right time to enter this lucrative sector. When the aims of the draft plans are achieved, cybersecurity will sprout into a full-fledged industry. Those venturing into it now will be the ones getting the most benefits.

Facilitated by government policies and backed by financial resources, many tech companies from China start off by first expanding on the mainland and then, in time, spread out across the globe. The challenge for them is the storage of Chinese citizens' data as their services cross borders.

Businesses holding data of more than 1 million users from China will soon have to undergo a regulatory review before going for an overseas IPO, according to a draft revision to cybersecurity review measures released by the Cyberspace Administration of China concurrently with the cybersecurity plan.

The significance of data protection has grown into a matter of national security. Companies like Didi Chuxing, Full Truck Alliance, and Boss Zhipin hold large amounts of infrastructure data related to roads and transportation which, if compromised, can be rendered exploitable. So it was pertinent for MIIT and CAC to release their draft plans in the backdrop of Didi Chuxing's recent debut at the New York Stock Exchange.

The national security aspect is not specific to China only. US President Joe Biden issued a sweeping executive order last month targeting technology companies and the massive amount of personal data they hold. Similarly, the European Union revamped its data protection laws in 2018 by introducing the General Data Protection Regulation for security, integrity, and accountability of data.

In China and elsewhere, growth of the cybersecurity industry holds the potential for orderly evolution of industries that are moving online. As the trend impacts economic, developmental, and social aspects of governance and daily life, the new push by the Chinese government can accelerate a responsible digital transformation of the country.

Hayat Bangash is a freelance columnist on international affairs with degrees in business administration and war studies.

The opinions expressed here are those of the writer and do not necessarily represent the views of China Daily and China Daily website.

If you have a specific expertise, or would like to share your thought about our stories, then send us your writings at opinion@chinadaily.com.cn, and comment@chinadaily.com.cn.