China appears to have taken a more global approach to discussions involving the country’s cybersecurity standards. For the first time, the country has allowed foreign technology companies to participate in creating cybersecurity standards, according to a report in the Wall Street Journal.
China has allowed Microsoft, Cisco, Intel, and IBM to join a cybersecurity advisory committee known as Technical Committee 260 that has been tasked with defining China’s standards that constitute “secure and controllable” technologies, the Journal reported, citing individuals familiar with the matter.
The term “secure and controllable” has generally been used to refer to Chinese intellectual property, Adam Segal, director of the digital and cyberspace policy program at the Council on Foreign Relations (CFR) and the Ira A. Lipman chair in emerging technologies and national security, told SCMagazine.com.
Representatives for Microsoft and Cisco confirmed to SCMagazine.com that the companies are members of the committee, which is also known as TC260. Intel and IBM did not respond to this publication’s requests for comment by press time.
The committee, also known as TC260, is involved in discussions of data storage and encryption, the report said. The move may mark a shift in China’s aggressive cybersecurity policies, although policy professionals are hesitant to place too much emphasis on the development.
Bruce McConnell, vice president of the EastWest Institute, told SCMagazine.com that U.S. companies’ involvement in these policy discussions at an early stage is “a promising development,” although he cautioned that it is “too soon” to conclude a “major shift” in China’s approach.
The tone of U.S.-China cybersecurity has “improved somewhat” since the cyber agreement signed by the two countries last September, he said.
The recent developments are not “necessarily driven by privacy” as much as they are motivated by concerns that Chinese global competitiveness could be negatively impacted in the long term by legislation that uses cybersecurity standards to keep Western companies out of Chinese markets, Segal told SCMagazine.com.
In December, China’s legislature approved an anti-terrorism draft legislation that would require companies provide technical assistance to Chinese authorities or turn over user data in terrorist investigations. An earlier draft of the legislation included a provision requiring companies to decrypt information for Chinese authorities.
“There is a growing realization that it becomes increasingly difficult” for companies to adhere to multiple national security agendas, said Segal. The approach leads to “lots of competing standards.”