The US residents have been known to rest easy in the assumption that they possessed an overwhelming technological dominance. However, with that said, the Chinese government is working hard to prove them wrong.
Indeed with respect to the technological battles that have been going on between both the United States and China as well as the sensational hacks of American information technology systems which have been revealed by the US Department of Justice are taken into consideration and of course the core controversies that have lead claims over Huawei’s 5G wireless communications technology and the ban on TikTok – have all gone on to dominate headlines.
But it seems that the Chinese president in Xi Jinping appears to quietly set the stage for a more pervasive, ongoing penetration of America’s networks – and hence creating a problem that the chief executive officers can no longer ignore or indeed minimize. As part of the country’s Digital Silk Road strategy, China is actively pursuing the goal of outright dominance of the world’s computer systems – which of course includes that of America’s, too.
Must Read: China Aiming To Sweep US From Its Throne Of The Most Powerful Economy By 2028
Perhaps the most concerning vector which exists for companies that operate within China are a series of Chinese laws that began taking effect back in 2015 and cover national security, national intelligence, and also, cybersecurity. In a collective manner, they have gone on to set the legal groundwork for the Chinese communist party to have access of what goes on to occur in China or indeed in communications that cross the country’s borders. The culmination with respect to this legal maneuvering goes on to appear to be the updated Multi-level protection system (MLPS 2.0) which actually came into effect in December of last year and is gradually in the process of being rolled out.
MLPS 2.0 consists of more than one thousand pages and happens to be published only in Chinese. It lays down the technical as well as organizational requirements which every company as well as every individual in China must adhere to. It proceeds on to give “the legal authority to go in and ensure that a foreign company’s system is completely open to inspection and retrieval of information by communist party.” In more simpler terms, the legal terms conclude that China has stripped the legal grounds for an American company which operates in China to protect its network from inspection by the Ministry of Public Security – which of course is known to be the country’s most feared law enforcement agency.
The facts state that while no Chinese law actually grants the authority for any company to either install malware or backdoors in corporate networks, under MLPS 2.0, it is the case where anything which the company would install on its Chinese system in order to prevent that would actually be neutralized. As a direct consequence of such a case, the global system of any foreign company based in China could now be within the reach of Chinese authorities.
An expert on the matter recently claimed that despite the legal framework that goes on to exist, bureaucrats at either the provincial or the municipal level will seek to retain the confidence of foreign companies as well as will try to prevent national-level officials from interfering too much. The problem though is that the decision on the application aren’t exactly made by local government officials, rather, they happen to be made by the Ministry of Public Security – which happens to be supported by the Ministry of State Security. The Ministry of State Security happens to be China’s international espionage organization. As the Chinese president increasingly takes steps to centralize the control throughout, it actually appears that at least some American corporate networks will be subject to both inspection as well as de facto control – if they haven’t already been.
Another major concern of course is that this particular legal framework actually gives China the authority to require foreign companies to use specific software, encryption keys as well as cloud computing providers that happen to find themselves under the communist party’s control. As a direct consequence of such provisions, the Chinese intelligence as well as the Chinese security services can proceed on and obtain direct access to corporate data through Chinese cloud providers, can install Remote Access Trojans (RAT) or backdoors, and can also decrypt corporate data – all this taking place without the company’s knowledge.
There have been claims that it is in fact quite likely that the Chinese government will actually attempt to use its presence within the US corporate systems in China in order to leap into their parent company’s system based in the US, however, there haven’t yet been any publicly reported cases. One reason why this is perhaps the case is that such penetrations would essentially be invisible due to the fact that they would appear to be legitimate traffic. And while many companies do in fact segment their systems in China from their global networks, complete segmentation is nearly impossible.
It also the case where China continues to target US corporate and government networks in the US through other unconventional methods. A report that came out two years ago by the US – China Economic and Security Review Commission claimed that more than half of the products which happen to be used by major US technology companies and their supports were actually made in China. Chinese-manufactured equipment is inherently vulnerable to compromise. In the case of motherboards that are sourced from China by Super Micro Computer, it was revealed that the People’s Liberation Army had installed tiny semiconductors that would make way and allow for the army to communicate directly with SuperMicro servers in use in the US. And while the article was frowned upon, it was never discredited by tech giants. Ever since then, industry sources have confirmed that they struggle while preventing Chinese employees from inserting malware on motherboards that happen to be assembled in China.