Internet security response centers sprout across Chinese IT industry

(File photo)

Cybersecurity is no longer a one-man job on the Chinese Internet, which is guarded by dozens of Chinese IT companies – from catering service to photo-beautifying apps – whose security response centers (SRC) encourage more social support for cyber defense.

The concept of SRC first emerged in China as early as 2010 when Wooyun.org launched the landmark mechanism where white hat hackers can report vulnerabilities found on websites and receive rewards for their reports.

The mechanism was welcomed and embraced by Chinese companies, as Internet giant Tencent established the first company-based SRC in 2012. Then, in 2013, cybersecurity leader 360 Enterprise Security Group set up Butian SRC, which is one of the most noted ones in the nation.

(A white hat hacker works on his laptop, searching for vulnerabilities. Photo courtesy of ichunqiu.com)

Now, smaller Chinese companies are also opening up their platforms to encourage hackers to report vulnerabilities found on their websites, offering rewards that range from hundreds of yuan to tens of thousands.

China’s car-hailing leader Didi Chuxing jumped on the security bandwagon in 2015. On Jan. 12, the company awarded top 10 best white hat hackers registered on DSRC (Didi Chuxing Security Response Center). At the top was an 18-year-old white hat hacker, who has earned over 100,000 yuan within four months.

“White hat hackers are receiving better treatment from SRCs in recent years, as the industry remains thirsty for at least 700,000 more talents. The lack of human power naturally pushes up the rewards,” Xie Yao, an IT professional with Chinese IT media outlet Shallow Black, told People’s Daily Online.

“By making public all the vulnerabilities found on the Internet, white hat hackers have successfully raised the industry’s cybersecurity awareness, though concerns remain over the possibility of more hacking when vulnerabilities are brought to light,” Xie said.

(Posters of different company-based SRC are seen at an cyber security conference in Beijing on January 12. Photo: Jiang Jie/People's Daily Online)

The awareness was especially uplifted after China’s Cybersecurity Law came into effect in 2017, which stipulates that Internet operators are responsible for not only users’ actions, but the security of the platform, observed Fu Lei, chief marketing officer of cybersecurity training platform ichunqiu.com, which is also the founder of China’s SRC league, with 70 SRCs and counting.

“Major Internet companies will be competitive in the market, but when it comes to cybersecurity, it’s not competition that matters, but collaboration on how to conquer common threats, at least this is what the white hat hackers believe,” Fu told People’s Daily Online.

It should be a common goal of all companies to build a safer Internet, noted Gong Fengmin, a vice president of Didi at the awarding ceremony on Jan. 12, explaining that information security is the key to guarantee Didi Chuxing’s transportation dream with 450 million users.

China’s Ministry of Public Security has reiterated that companies should focus both on economic benefits and social welfare, and work to guarantee company and personal data safety and protect national data through strengthened cooperation with the ministry, Shi Jun, a vice minister of public security, said on Jan. 14.

“Increasing the number of SRCs in China has demonstrated that more companies are willing to undertake the due obligation of cybersecurity, which in turn helps elevate cyber security to the next level when vulnerabilities are fixed,” Fu commented.