China Policy Could Shut Out Foreign Security Firms

Use Netsparker


China catches a lot of flack in the infosec World, mostly for being suspected of cyber-terrorism and for propagating nasty malware.

Lately things have been getting more political especially during their tussle with Google over the whole ‘search freedom’ issue and censorship.

The latest is that they are starting to check for compliance on a 3 year old initiative called the Multi-Level Protection Scheme or MLPS which effectively mandates all core services that the government uses must be provided by local Chinese companies.

China is stepping up efforts to keep the security systems that protect its critical infrastructure in the hands of local firms, and that could be bad news for companies based outside the country.

China has started sending out inspectors to check for compliance with a little-known initiative called the Multi-Level Protection Scheme (MLPS), the Associated Press reported Wednesday. Introduced three years ago by China’s Ministry of Public Security, it mandates that core products used by government and infrastructure companies such as banks and transportation must be provided by Chinese companies.

Over the past year, government inspectors have been telling some companies that they must switch to Chinese firewalls and other types of security technology, the AP said. The development could force security vendors such as Cisco Systems and Symantec out of important parts of the growing market, or force them to partner with local businesses, said Stephen Kho, senior counsel with Akin Gump Strauss Hauer & Feld, an international law firm based in Washington. “Right now, it seems to only affect the companies that are in the information security sector,” he said.

The MLPS regulations have been public since 2007, but it wasn’t clear until recently that China would actually enforce them, Kho said. “When they put this one in place, nobody really paid any attention to it,” he said. “A lot of times these laws stay on the books and they do nothing.”

The regulations have been in place for 3 years but are only being enforced now, it seems like a concerted effort by the Chinese government to start pushing foreign companies out of China. Some could also say it’s to get back at the US rejecting takeover bids by Huawei citing ‘security concerns’.

It’s a two way street, you don’t let China in…they are going to push you out. So much for bilateral ties?

Critics worry that China may be leveraging security concerns to shut down free trade in its growing security products market.

The MLPS covers critical infrastructure companies, and China has said most government agencies and state-owned companies must be fully compliant by this year, according to a recent report by the American Chamber of Commerce in China. This requirement could have “serious implications” for companies that sell to critical infrastructure operators in China, the report states.

The MLPS is just one of several policies designed by China over the past few years to spur homegrown technology development. Groups like the American Chamber of Commerce worry that they simply close out foreign competition. “[P]olicies that China is adopting under the banner of ‘indigenous innovation’ are increasingly closed and protectionist in nature,” the group wrote in its report.

In a blog post last year, Oracle Director of Standards Strategy and Policy Trond Undheim said other laws and regulations are also at play here, including the Chinese Compulsory Certification (CCC), which requires the disclosure of intellectual property in some security products.

“China is at the moment poised to limit the global IT industry’s footprint in their country,” Undheim wrote. “They have devised a quite devious set of schemes to do this, centered around IT security legislation.”

This could cause some serious issues for big hardware players like Cisco and Juniper and honestly I think if China really pushes this policy their only choice will be to form some kind of joint venture with China shareholders being in the majority.

It seems China have things locked down pretty tight and if they so wish they can shut everyone down or just simply push them out of the market by making it illegal for them to do business.

Either way, it’s not looking good for some of the big US players.

Source: Network World

Posted in: Legal Issues

, , , ,


Latest Posts:


CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.
How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.
HTTrack - Website Downloader Copier & Site Ripper Download HTTrack – Website Downloader Copier & Site Ripper Download
HTTrack is a free and easy-to-use offline browser utility which acts as a website downloader and a site ripper for copying websites and downloading them for offline viewing.
sshLooter - Script To Steal SSH Passwords sshLooter – Script To Steal SSH Passwords
sshLooter is a Python script using a PAM module to steal SSH passwords by logging the password and notifying the admin of the script via Telegram when a user logs in.
Intercepter-NG - Android App For Hacking Intercepter-NG – Android App For Hacking
Intercepter-NG is a multi functional network toolkit including an Android app for hacking, the main purpose is to recover interesting data from the network stream and perform different kinds of MiTM attacks.
dcipher - Online Hash Cracking Using Rainbow & Lookup Tables dcipher – Online Hash Cracking Using Rainbow & Lookup Tables
dcipher is a JavaScript-based online hash cracking tool to decipher hashes using online rainbow & lookup table attack services.


Comments are closed.