Threat Intelligence

Homeland Security: Chinese business dealings a ‘grave threat’ to data security

A U.K. auditing agency found that Huawei coding fell short of acceptable standards,  and that the company has yet to address several of the security issues identified in last year’s report. (Rowingbohe via Creative Commons Attribution-Share Alike 4.0 International license)

The Department of Homeland Security issued a warning to all U.S. businesses about what an accompanying press release called the "grave threat" of doing business with firms from China or with Chinese citizens in leadership roles.

The DHS advisory covers the various Chinese laws allowing Beijing to access data with employees, leadership, or ownership within its borders. That could include including personal data and trade secrets, which the advisory warns may ultimately force data transfer in violation of other countries' privacy laws or contractual obligations.

“For too long, U.S. networks and data have been exposed to cyber threats based in China which are using that data to give Chinese firms an unfair competitive advantage in the global marketplace,” said Acting Secretary of Homeland Security Chad Wolf in a written statement to reporters. “Practices that give the PRC government unauthorized access to sensitive data — both personal and proprietary — puts the U.S. economy and businesses at direct risk for exploitation. We urge businesses to exercise caution before entering into any agreement with a PRC-linked firm.”

These are not necessarily new warnings, said Adam Segal, director of the Digital and Cyberspace Policy Program at the Council on Foreign Relations.

"It is a warning that the U.S. government has been making for a long time," he said in an email, adding that it should not change much for companies currently doing business in China because "any company that was planning on doing business in China would (or at least should) have been aware of these risks."

When U.S agencies release public-facing, official documents arguing that firms like Huawei or TikTok are intelligence risks, it's typically based on these laws — the potential for legal Chinese intervention, rather than active engineering choices currently harming products. That often gets conflated with the more incendiary concerns expressed by lawmakers that China actively engineers products for use in espionage. Several Chinese officials have been formally charged in the United States of stealing intellectual property to benefit domestic firms, either through hacking or embedding personnel as employees of the victim.

For the Trump administration, said Jim Lewis, senior vice president and director of the Center for Strategic and International Studies' Strategic Technologies Program, the release may be as much a political move as a legitimate warning.

"He's trying to box Biden in," said Lewis. "He's doing as many things as he can before the end of the administration to make sure his plans stay in place."

President Trump has run an extremely confrontational strategy to deal with shifting global power to a China that, at times, does play by international rules. One final attempt to sow ill-will towards the supply chains China controls could go a way toward ensuring a strategy of non-cooperation between Washington and Beijing.

Lewis does not believe Biden would lax on China even without political pressure. However, Lewis notes that a strategy predicated on completely disentangling American businesses from Chinese ones is nearly impossible with the amount of products and services Chinese firms provide that U.S. ones do not.

"You might as well try to repeal gravity," he said.

"Some Chinese products are a greater risk than others. The most realistic plan is to limit products based on risk."

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.