China: Opened consultation on TC260 standard Information Security Technology Key Information Infrastructure Network Security Emergency Response System Framework

On 17 November 2022, China's National Information Security Standardisation Technical Committee (TC260) released a draft of the "Information Security Technology Key Information Infrastructure Network Security Emergency Response System Framework" and opened a public consultation until 16 January 2023. The Framework outlines requirements critical information infrastructure operators must follow to establish and improve their network security emergency response systems. According to the draft Framework, critical information infrastructure operators are required to establish a team responsible for security management and identify the type of data they store and process to conduct risk assessments. Furthermore, the operators should establish a clear emergency plan, including automated and non-automated procedures to detect, eradicate and recover from security incidents. Finally, the draft framework specifies that operators have to notify and report security incidents to the national authorities.