Tech Firms Required to Add Backdoors in Hardware, Software for Selling in China
Foreign companies selling equipment to Chinese banks will also be required to disclose source code and submit to audits
The Chinese government has issued new regulations which require all companies that sell computer equipment to Chinese banks to turn over secret source code, submit to security audits and build back doors into hardware and software, according to the New York Times.
The Chinese government laid out the new rules in a 22-page document, which NYT said were approved at the end of last year. Ā China says these rules are necessary to strengthen the cyber security in critical Chinese industries.
[adsense size='1']
However the new regulations have raised fears among the foreign companies especially US companies that China is framing such kind of rules to force them out of one of the largest and fastest-growing markets.
The business groups which include the U.S. Chamber of Commerce, called for āurgent discussion and dialogueā about what they said was a āgrowing trendā toward policies that cite cybersecurity in requiring companies to use only technology products and services that are developed and controlled by Chinese companies, according to NYT.
The fears of the companies are legitimate and would have them hand over the source code of different hardwares and software to the Chinese government.
Other fear is that the Chinese government would turn this over to the cyber warfare unit of
PLA, who would then find and exploit the zero days and other vulnerabilities to spy on citizens especially Americans.
While China is growing more and more assertive about cyber security,Ā it has also demanded that foreign tech firms make much of their core technology data accessible to the Chinese Government for conducting āinvestigationsā.
[adsense size='1']
A Chinese official told the reporters thatĀ Beijing wants 75 percent of the technology used in the nationās financial institutions to be āsecure and controllableā by 2019.
Russia has already embarked on a tech censorship kind of plan from 1st Jan 2015. Ā With China also choosing to follow Russiaās footsteps, American businesses are in for some rough weather ahead. Ā The problem is actually dual. Ā If the tech co do hand over the source code to the Chinese, there is no guarantee that it will not be leaked to some Chinese manufacturer who would come out with a cheaper version of the same device. Ā The other problem is the Zero Days, vulnerabilities and flaws which could be exploited by the Chinese military to spy.
BBC News reports that the U.S. Chamber of Commerce and other groups have responded with a letter calling the rules intrusive and stating, āAn overly broad, opaque, discriminatory approach to cyber security policy that restricts global Internet and ICT products and services would ultimately isolate Chinese ICT firms from the global marketplace and weaken cyber security, thereby harming Chinaās economic growth and development and restricting customer choice.ā
Tim Erlin, director of IT security and risk strategy at Tripwire, told eSecurity Planet by email that this latest move is just one part of a complex, far-reaching issue tied to economics, encryption and assurance. āWhile the likes of Microsoft and Google arenāt willing to simply cede the Chinese market, there can be little doubt that a path that involves sharing source code ends with piracy and ultimately enhances Chinaās ability to copy what they currently buy,ā he said.
0 Responses to Tech Firms Required to Add Backdoors in Hardware, Software for Selling in China