On Oct. 8, the House Select Intelligence Committee released a report on the cybersecurity threat posed by China's Huawei and ZTE, the world's second- and fourth-largest telecommunications suppliers. The report, which described the companies as potential espionage risks and asked the U.S. government and U.S. firms to refrain from doing business with them, drew an angry response from Chinese media: Xinhua, China's state news agency, called its conclusions "totally groundless" and arising out of "protectionism"; the nationalistic tabloid Global Times said the United States is becoming an "unreasonable country"; and the state-run English language newspaper China Daily labeled the accusations "unreasonable and unjustifiable." But the fear of vulnerability from foreign technology, whether reasonable or not, is as present in China as it is in the United States -- now more than ever.
The threats China sees from dependence on foreign telecommunications, software, and hardware suppliers echo many of the concerns raised in the House report: both countries fear that dependence on foreign technology makes them vulnerable to spying and threatens network security and economic development. According to an April 2012 article in Outlook Weekly, a Xinhua publication, 90 percent of China's microchips, components, network equipment, communications standards and protocols, as well as 65 percent of firewalls, encryption technology, and 10 other types of information security products rely on imported technology. Foreign producers also dominate the market for programmable logic controllers, devices used to control manufacturing and other industrial processes. As a result, "all core technologies are basically in the hands of U.S. companies, and this provides perfect conditions for the U.S. military to carry out cyber warfare and cyber deterrence," according to a January article in the military newspaper China Defense.
Beijing has long strived to limit the use of foreign technology and develop indigenous alternatives. The "Regulations for the Administration of Commercial Encryption," implemented in 1999, require government approval for the manufacturing, sale, use, import or export of any product containing encryption, restricting the use of foreign encryption technology within China. Introduced in 2007 by the Ministry of Public Security, the "Multi-Level Protection Scheme" prohibits non-Chinese companies from supplying the core products used by the government and banking, transportation, and other critical infrastructure companies. And the May 2010 Chinese "Compulsory Certification for Information Security Scheme" forces foreign companies wishing to sell to the Chinese government to disclose their intellectual property for security products.
But it's China's over-reliance on pirated goods that makes it extra-susceptible to security breaches. Chinese software companies have been unable to develop competitive products, and as a result Chinese users pirate software from foreign companies. Because stolen software is not updated automatically by the producer, and users rarely patch on their own, it's easier to hack. In October 2008, when Chinese users with pirated copies of Windows on their computers downloaded a new Windows upgrade, their screens went black. The blackout screen could be turned off but returned every hour with a reminder to buy legitimate products. Chinese netizens were enraged at the intrusion, and many Chinese policymakers were suddenly presented with the unpleasant truth that a U.S. company was controlling computers inside their country. As Tang Lan, an expert in information security at the China Institute of Contemporary International Relations, wrote in a February 2012 article in China Daily about the incident, "It's right to attack piracy, but the incident also exposed China's online vulnerability to high-tech intrusion from overseas."