INTRO: The Database - All the info behind the wall

A leaked database with a sizeable set of public procurement data gives us a rare behind-the-scenes look where China's ambitions in the realm of cyber security and network operations is going.

One of the biggest challenges in reporting on or investigating developments in China's network and cybersecurity space is the lack of accessible information. The first obstacle, of course, is the language barrier. Further, much of China's cybersecurity knowledge exists within its own distinct online ecosystem that does not always overlap with the international internet.

Secondly, many key players and stakeholders are not particularly open to sharing information with “outsiders”—not only on “sensitive” topics, but even general insights. For many companies and institutions, there’s little incentive to update foreign audiences on recent developments in the country. It might even attract too much attention of inquisitive authorities.

As the industry becomes increasingly self-contained—with its own cybersecurity conferences, strong local education networks, and cutting-edge digital companies—the motivation to engage with the broader international cybersecurity community continues to diminish.

Third, and perhaps most importantly, official data is becoming increasingly difficult to access. This trend applies not only to cybersecurity, but also to public business and economic data. The security-first mindset promoted by the central government is steadily expanding its reach it seems.

Lay of the land

Surprisingly to many outsiders, a significant portion of public procurement in China remains relatively open—at least on the surface. However, access is often limited to those within the country. Increasingly, IP blocks are used to restrict foreign access to public online database websites.

The public procurement landscape itself is highly fragmented as well. Each province typically maintains its own procurement platform, with distinct processes and regulations. The lack of standardization and centralization can make research both tedious and, at times, even futile. Moreover, deeper access to documents and data often requires a verified Chinese mobile phone number—something usually only obtainable from within China.

While there are commercial providers in China that aggregate procurement data from different provincial or institutional databases, their services are often costly and increasingly unavailable to foreign users as well.

Follow the money

When a large database containing over 30 GB of aggregated public procurement tenders leaked online, it unlocked a world of new opportunities.

Join us on NetAskari in the coming weeks as we dive into this trove of public procurement data to trace the direction of China’s cybersecurity ambitions.

We’ll uncover a detailed picture of the country’s expanding data center infrastructure, identify network “shooting ranges” where cybersecurity professionals sharpen their skills, key players and perhaps even catch a rare glimpse into the activities of China’s more secretive institutions—those known simply as “某单位” ("a certain unit").