
China's cybersecurity law update lets state agencies 'pen-test' local companies - Lio
https://www.zdnet.com/article/chinas-cybersecurity-law-update-lets-state-agencies-pen-test-local-companies/
======
entity345
It's ambivalent because it is obviously mixed with censorship-focussed
measures.

However, the following is not necessarily a bad idea:

>Conduct in-person or remote inspections of the network security defenses
taken by companies operating in China.

>Log security response plans during on-site inspections.

>Perform penetration tests to check for vulnerabilities.

>Perform remote inspections without informing companies.

In many (most?) countries Health & Safety agencies have the right to inspect
premises and perhaps we have reached a point where the same should be done "in
cyberspace".

------
Mirioron
The points outlined about the law sound like the government has carte blanche.

