Ministry tackles security risks on geographic information

National security and related departments are conducting inspections to assess and rectify security risks associated with geographic information data, the Ministry of State Security said in a statement released on Monday.

The objective of the inspection is to guide and assist entities and institutions to rectify issues promptly, particularly major security vulnerabilities such as data theft and leaks.

The national security organs recently identified instances where overseas geographic information system software used in key industries in China was collecting and transmitting geographic data, it said.

Some of the data was highly sensitive, potentially involving State secrets, and posed a significant threat to national security. The inspection being carried out by the national security departments will address those concerns.

Geographic information data is classified as high-value intelligence and is a prime target for overseas espionage agencies, the ministry said.

It can be utilized to reconstruct three-dimensional topographic maps of specific areas in critical sectors such as transportation, energy and the military, providing crucial support for reconnaissance and military operations, and posing a severe threat to China’s national security.

The ministry said geographic information system software often encompasses functions related to data collection, storage, analysis, management and sharing. Such powerful tools can annotate various types of geographic information on maps and analyze and display the data as needed, with coordinate accuracy reaching even centimeter-level precision.

It cautioned that certain overseas organizations and individuals are actively targeting geographic information data, and attempting to steal intelligence through geographic information system software. Methods include automatically connecting to overseas servers during software use, collecting user data, and deliberately embedding “back doors” in the software to facilitate network attacks and data theft.

The ministry also said that some users with weak awareness of data security might inadvertently mark high-precision geographic coordinates of city infrastructure networks, such as water, electricity and communication systems, as well as military targets and classified entities on maps. That created serious risks of leaks and espionage, potentially resulting in irreparable losses.

In accordance with the Law on Data Security, data processing activities must strictly comply with the provisions of laws and regulations and establish a comprehensive data security management system. Organizations involved in data processing activities should organize education and training on data security, and take appropriate technical measures and other necessary measures to ensure data security.

When conducting geographic information data collection and processing activities, entities and individuals should use secure and reliable geographic information system software and set strict access permissions based on the importance of the data to ensure data security.

The ministry said national security departments will collaborate with related departments to establish a sound cooperation mechanism for data security protection, collectively safeguarding the security of important national data.

China’s Counter-Espionage Law says that overseas institutions, organizations and individuals who obtain data related to national security and interests through theft or bribery — in collusion with domestic entities or otherwise — will be considered to have engaged in acts of espionage.