China Policy Could Shut Out Foreign Security Firms



China catches a lot of flak in the infosec world, mostly for being suspected of cyber-terrorism and for propagating nasty malware.

Lately things have been getting more political, especially during their tussle with Google over the whole ‘search freedom’ issue and censorship.

The latest is that they are starting to check for compliance with a 3-year-old initiative called the Multi-Level Protection Scheme, or MLPS, which effectively mandates that all core services the government uses must be provided by local Chinese companies.

China is stepping up efforts to keep the security systems that protect its critical infrastructure in the hands of local firms, and that could be bad news for companies based outside the country.

China has started sending out inspectors to check for compliance with a little-known initiative called the Multi-Level Protection Scheme (MLPS), the Associated Press reported Wednesday. Introduced three years ago by China’s Ministry of Public Security, it mandates that core products used by government and infrastructure companies such as banks and transportation must be provided by Chinese companies.

Over the past year, government inspectors have been telling some companies that they must switch to Chinese firewalls and other types of security technology, the AP said. The development could force security vendors such as Cisco Systems and Symantec out of important parts of the growing market, or force them to partner with local businesses, said Stephen Kho, senior counsel with Akin Gump Strauss Hauer & Feld, an international law firm based in Washington. “Right now, it seems to only affect the companies that are in the information security sector,” he said.

The MLPS regulations have been public since 2007, but it wasn’t clear until recently that China would actually enforce them, Kho said. “When they put this one in place, nobody really paid any attention to it,” he said. “A lot of times these laws stay on the books and they do nothing.”

The regulations have been in place for 3 years but are only being enforced now; it seems like a concerted effort by the Chinese government to start pushing foreign companies out of China. Some could also say it’s to get back at the US for rejecting takeover bids by Huawei, citing ‘security concerns’.

It’s a two-way street: you don’t let China in…they are going to push you out. So much for bilateral ties?

Critics worry that China may be leveraging security concerns to shut down free trade in its growing security products market.

The MLPS covers critical infrastructure companies, and China has said most government agencies and state-owned companies must be fully compliant by this year, according to a recent report by the American Chamber of Commerce in China. This requirement could have “serious implications” for companies that sell to critical infrastructure operators in China, the report states.

The MLPS is just one of several policies designed by China over the past few years to spur homegrown technology development. Groups like the American Chamber of Commerce worry that they simply close out foreign competition. “[P]olicies that China is adopting under the banner of ‘indigenous innovation’ are increasingly closed and protectionist in nature,” the group wrote in its report.

In a blog post last year, Oracle Director of Standards Strategy and Policy Trond Undheim said other laws and regulations are also at play here, including the Chinese Compulsory Certification (CCC), which requires the disclosure of intellectual property in some security products.

“China is at the moment poised to limit the global IT industry’s footprint in their country,” Undheim wrote. “They have devised a quite devious set of schemes to do this, centered around IT security legislation.”

This could cause some serious issues for big hardware players like Cisco and Juniper, and honestly I think if China really pushes this policy their only choice will be to form some kind of joint venture with Chinese shareholders being in the majority.

It seems China has things locked down pretty tight, and if they so wish they can shut everyone down or just simply push them out of the market by making it illegal for them to do business.

Either way, it’s not looking good for some of the big US players.

Source: Network World

Posted in: Legal Issues
