China Regulator Suspends Cybersecurity Partnership With Alibaba

On December 21st, 2021, Chinese regulators suspended an information-sharing partnership with Alibaba Cloud Computing, a subsidiary of Alibaba group, over an accusation by a state-backed media report that said that the company failed to promptly address and report on a cybersecurity vulnerability.

The 21st Century Business Herald cited a recent notice by the Minister of Industry and Information Technology (MMIT), which said Alibaba failed to immediately report vulnerabilities in the open-source logging framework Apache Log4j2 to China’s telecommunications regulator. 

In response, MIIT suspended the partnership regarding cybersecurity threats and information-sharing platform with Alibaba. The notice said that this partnership would be reassessed in six months and then be revived based on the company’s internal reforms. MIIT also said that they received reports of this vulnerability from a third party rather than from Alibaba.

The suspension of the partnership highlights Beijing’s concern over a vulnerability that triggered a wave of panic among corporates and governments worldwide. Apache Log4j2 is a Java-based tool widely used in web applications and enterprise systems.