Threat Intelligence

China unhappy with new U.S. requirement that its IT gear must face review

Calling the move “discriminatory," Chinese officials have disputed the basis of a new U.S. law that restricts IT imports for government agencies.

On Friday, Hong Lei, China's foreign ministry spokesman, told reporters in Beijing that the law “used cyber security as an excuse to take discriminatory steps against Chinese companies,” according to a China Daily report.

Meanwhile, Yang Yujun, a spokesman for China's Ministry of National Defense, said the origin of cyber attacks is too gray an area to invoke this legislative action, since attacks are a “global issue – anonymous, cross-border and deceptive,” the article said.

The new restrictions came as part of a larger appropriations bill, Consolidated and Further Continuing Appropriations Act of 2013, which outlines government spending for the upcoming fiscal year.

In the 240-page bill, signed by President Obama last Tuesday, was a section that said the FBI, or the heads of agencies considering the purchase of Chinese IT equipment, must approve the products by assessing any risks they may impose on government users and data.

According to the provision, the NASA, the National Science Foundation and the Commerce and Justice departments must review the “associated risk of cyber espionage or sabotage associated with the acquisition of [IT] systems, including any risk associated with such system being produced, manufactured or assembled by one or more entities that are owned, directed or subsidized by the People's Republic of China.”

The new bill came on the heels of several incidents that fueled U.S. government leaders' suspicions of China's role in cyber espionage attacks against private companies and the public sector. Of particular note were assertions in February from Alexandria, Va.-based firm Mandiant that a secret Chinese military unit was behind the theft of hundreds of terabytes of data from 141 organizations, mostly in the United States.

So far, Sprint and Japanese telecommunications firm SoftBank have already said they will no longer buy equipment from Chinese networking equipment provider Huawei Technologies, which has been the focus of digital spying concerns expressed by the U.S. government.

David Firestein, a vice president at the New York-based think tank EastWest Institute, who specializes in US-China relations, said that the U.S. House Permanent Select Committee on Intelligence held a hearing on Chinese telecommunication companies last September that may have prompted the new law.

“My sense is that what's happened with this law may be the natural outgrowth of the September 2012 hearing,” Firestein said. “[Government leaders] signaled or foreshadowed that they were prepared to legislate some solutions for the problem.”

Firestein added that the goal of the law is to provide oversight of potentially high-risk equipment in the China supply chain – not to ban business relationships forged between the countries.

“It's no surprise that this rule has generated a lot of attention in China, but one shouldn't overstate what the law seeks to do," he said. "It puts in a quality control premise. It doesn't seek to ban, but to [implement] a vetting mechanism.”

[An earlier version of this story incorrectly stated the government arm that led the September hearing on Chinese telecommunication companies].

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.