China’s top spy agency warns officials to avoid storing classified data in the cloud

 China’s top spy agency warns officials to avoid storing classified data in the cloud

• Chinese Ministry of State Security says foreign agents are trying to steal sensitive information through cyberattacks and Trojan horse viruses
• Those who must use online storage services should disable sharing, encrypt documents and change passwords frequently, it says
  
  
  
  June 8 2024
  China’s top spy agency has warned government officials against storing classified information on cloud services, saying the data could easily be compromised by foreign spies.

Cloud data has become “a major focus of foreign spy agencies”, the Ministry of State Security said on its official WeChat account on Wednesday morning.

The ministry warned that “they [foreign spies] are trying to steal our sensitive information and classified data through various means, such as cyberattacks and inserting Trojan horse viruses, posing a serious threat to personal privacy and national security”.

It cited several cases of government officials using cloud storage to store classified information, adding that they had “weak security awareness” and had been punished.

But it did not say whether the cases involved espionage or what punishment the officials received.

To prevent data leaks, the ministry urged officials and employees of government departments “involved in classified information” to “strictly prevent the storage, processing, transmission and discussion of confidential and sensitive information on the internet, mobile phones and cloud storage”.

It advised officials to disable all sharing if they must use a cloud drive and to encrypt documents, change passwords frequently and turn off the automatic backup option.

The Wednesday morning post also cited the laws on guarding state secrets and data security, calling on the public and government departments to ensure confidentiality in their work and to “raise awareness, strengthen understanding, fulfil obligations and take responsibility” when it comes to protecting secrets.

Matthew Trickett, Briton accused of spying for Hong Kong, found dead in park

China passed a comprehensive data security law in 2021 that penalises companies that send national “core data” overseas without official approval from Beijing. It also requires government departments to uphold confidentiality and regulatory responsibilities.

The law broadly defines “core data” as any information related to national and economic security, people’s welfare and important matters of public interest.

An amended anti-spy law came into force last July, broadening the definition of espionage and the investigative powers of state security agencies.

Last month, a revised law on guarding state secrets also came into effect, adding more than a dozen provisions to expand the depth and breadth of its coverage.

The Ministry of State Security has become more active on social media over the past year to warn of threats from foreign spies, educate society about security and urge the public to share information about suspicious activities.

Earlier this week, it drew public attention by disclosing a case of alleged espionage by the British Secret Intelligence Service, also known as MI6.

Minister of State Security Chen Yixin said in April that his ministry would protect “traditional” security areas such as political, economic and military security, as well as “non-traditional” security areas such as biosecurity, data security and artificial intelligence.

The ministry has also reminded the public of other risks. Last month, it sounded the alarm about foreign non-governmental organisations and foundations, saying they could steal “environmental data” from China under the guise of research and environmental protection.