Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED ABOUT A MINUTE AGO.
You are here: Home / Network Security / Experts Wary of China's Tech Rules
Security Experts Wary of China's Cybersecurity Rules
Security Experts Wary of China's Cybersecurity Rules
By Jennifer LeClaire / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
JANUARY
29
2015
China has laid down some new rules that require foreign tech companies selling technology to banks to hand over proprietary source code and adhere to the nation’s encryption algorithms. U.S. business lobbies are calling for "urgent discussions" on the new regulations.

In a letter to China’s Central Leading Small Group for Cyberspace Affairs, dated January 28, the U.S. Chamber of Commerce warned that harm would result from an “overly broad, opaque, discriminatory approach to cybersecurity policy,” according to a Reuters report.

"The domestic purchasing and related requirements proposed recently for China's banking sector . . . would unnecessarily restrict the ability of Chinese entities to source the most reliable and secure technologies, which are developed in the global supply chain," according to the letter, which was also signed by 17 other U.S. business groups. The groups also urged Beijing to postpone the implementation of the new rules.

China’s Suspicion

We caught up with Tim Erlin, director of IT security and risk strategy at advanced threat protection firm Tripwire, to get his thoughts on the matter. He told us this is just one piece of a complex, far-reaching issue with economics, encryption and assurance.

“While the likes of Microsoft and Google aren't willing to simply cede the Chinese market, there can be little doubt that a path that involves sharing source code ends with piracy and ultimately enhances China's ability to copy what they currently buy,” Erlin said. “On the surface, China is seeking assurance that the products they are purchasing from foreign companies are not already compromised, and the [Edward] Snowden (NSA whistleblower) revelations give them good reason to be suspicious.”

As Erlin sees it, China would obviously prefer not to rely on these vendors at all, but they don't have the same capabilities domestically. At the same time, China, as a major market, has leverage with major vendors to push for things like source code audits, he said.

“Market issues aside, there are national security implications to China having open access to source code for software used by other governments, including the U.S. China's offensive cyber capabilities would be greatly enhanced with the 'inside knowledge' afforded by such access,” Erlin said. “It's unlikely that the U.S. would stand idly by while China developed an arsenal of zero days behind the guise of source code audits.”

Backdoors Subvert Security

Ken Westin, a security analyst at Tripwire, told us the issue is odd. Considering most of the devices are already manufactured in China, he said it would seem China would know more about American technology than our own government in some respects.

“As governments push for more access and backdoors into technology companies, it’s the consumer who suffers, just as both privacy and security suffers,” Westin said. “The fact that governments are requesting such access is a sign that technology firms are doing a better job of securing customer data, so much so that governments feel they are doing too good of a job and are attempting to insert themselves either through law or technology in the middle to intercept communications as necessary.”

The problem is that this is all happening in public and the bad guys are fully aware of where their communications can be intercepted and have already moved to more clandestine technologies and forms of communication, Westin said. "The end result of all of this is that legitimate uses of encryption, and other security protections, suffer and the backdoors only work to subvert security making everyone less safe,” he added.

Tell Us What You Think
Comment:

Name:

gggg:
Posted: 2015-02-01 @ 8:54pm PT
Western hypocrisy in full force. It's western companies who want to do business in China and if they don't like the rules just get out. China don't miss them.

ken:
Posted: 2015-01-30 @ 5:40am PT
We cannot give all we have to China. Stop manufacturing the products there. Enough is enough.

Like Us on FacebookFollow Us on Twitter
MORE IN NETWORK SECURITY
CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.