Czech cybersecurity agency issues warning for data transfers to China

NÚKIB, the National Cyber and Information Security Authority from the Czech Republic, is warning its citizens, businesses, and organizations of threats by transferring user data to the People’s Republic of China (PRC).
This threat is posed by IT systems that directly transfer data to the PRC, or are remotely managed from China.
The penetration of these technologies and equipment into critical sectors is growing and will continue to grow in the future. In addition, businesses and organizations are increasingly becoming more dependent on data storage and processing.
“In practice, this means that suppliers of technological solutions have the opportunity to fundamentally influence the operation of critical infrastructure and/or access important data, and trust in the reliability of the supplier is thus absolutely crucial,” the cybersecurity agency says in a public statement.
Another risk factor is the increasing number of devices that are connected to the internet and also transmit sensitive corporate data or personal user information to their suppliers who operate from China, including smart watches, smart cameras, health bands, and cloud storage.
The PRC has been linked to numerous harmful activities directed at the Czech Republic, as well as the EU and NATO. A recent example includes a cyber campaign against the Ministry of Foreign Affairs of the Czech Republic, which was led by APT31, a threat actor associated with the Chinese Ministry of State Security since at least 2022.
NÚKIB’s warning doesn’t mean that technology and devices from China should be unconditionally banned in the Czech Republic. It does mean that businesses and organizations, especially those in the critical sectors like transport, energy, and public healthcare, should take the risks seriously, discuss them in their data protection impact assessment (DPIA), and take appropriate security measures.
Lukáš Kintr, Director of NÚKIB, said that “the security threat posed by the PRC to the Czech Republic in this context should not be taken lightly,” adding it was “evidenced by the words of the PRC’s Minister of Foreign Affairs, Wang Yi, who publicly stated that the PRC does not wish for Russia to lose the war in Ukraine.”
Furthermore, the Czech Republic’s cybersecurity agency recommends that citizens pay close attention to cybersecurity and “to pay increased attention to the access requirements of the technologies or services they use.” In general, the agency advises people to only install and use technology from companies they trust.