CAAC Drafted New Secuirty Measures in line with CSL
On February 20, the Legislative Affairs Office of the State Council (SCLAO) released the Draft Interim Provisions on Administration of Network Information Security in Civil Aviation(Draft Provisions) drafted by Civil Aviation Administration of China (CAAC) for public comments, with a deadline of March 30. The Draft Provision is the first sector specific network information security policy released by SCLAO in accordance with Cybersecurity Law (CSL), and clearly stipulates the obligations and responsibilities for all parties accessing civil aviation network and using civil aviation information.
In an explanatory document about the Draft Provisions, civil aviation information systems are mentioned on equal terms with critical information infrastructure (CII). "Civil Aviation network information system is large in scale, complex and highly professional. CA's operation and productivity are highly reliant on information network. Once problems occur in CII, it will affect the normal operation of the whole industry."
The Draft Provisions seems to be written with the assumption that civil aviation network information systems are CII, and it closely embraces several key policies in CSL, including Security Classified Protection (or MLPS) (Article 10 &11), Procurement Management, "secure & controllable" (Article 14), Data localization （Article 28), and Passenger information protection （Article 35, 36 & 37）