China's financial markets have paralleled the rapid growth and development of the country and for a time were regarded as something of a 'Wild West' environment, where the risks were significant but the rewards were immense. Rapid growth in cities like Shanghai and the handover of Hong Kong and Macau have provided ample opportunities for investment and the development of a form of capitalist communism has created an environment where the potential rewards seemed to justify the risk.
With some areas experiencing a jump from a proto-industrial environment direct to the Information Age, there were bound to be security problems encountered along the way. Maintaining an effective security environment is always a difficult task, but when rapid growth is encountered it often isn't maintained as well as it should be. Outside of China, many people attribute a significant percentage of network attacks and break ins to a Chinese origin, but it also seems that inside of China similar incidents have been taking place.
A number of Chinese financial companies have recently suffered through successful attacks that have seen their ability to trade severely curtailed. In some cases electronic systems were disabled to the point that traders reverted to pre-computerised procedures, and in another trading had to be halted completely (guess which company had an effective disaster recover plan in place?)
To remedy the situation, the China Security Regulatory Commission (CSRC) has begun auditing the financial industry to assess the capability of their Information Security systems and practices. Since beginning the process in April of this year, at least ten companies have already been identified as having weak or nonexistent security, such as unchanged administrator passwords (two cases). Demonstrating just how seriously the CSRC is taking the process, the incident that triggered the audits only took place in March, and didn't result in any losses of significance.
Audits are taking the form of a two stage process, with securities regulatory bodies and local analysts carrying out separate audits, focussing on data management and network separation concerns.
In a month when the main Chinese stock index has suffered a significant downturn (not unrelated to global financial volatility uncertainty), any effort to shore up the systems and networks responsible for financial transactions is worthwhile. It does appear that Chinese authorities are making an effort to [[xref:http://www.thedarkvisitor.com/2008/06/chinese-hacker-hits-new-lowcontinues-to-dig/ |clean up|Chinese hacker hits new low...continues to dig]] their perceived problem with internal hackers and this new focus on protecting financial systems and networks should provide a warning to anyone who is going to target them in the future.
This new approach isn't going to have any effect on the wider financial markets, especially with the enhanced volatility currently present, but it will help with Chinese financial firms being able to continue normal operations.