Following the news that the Chinese government has approved a broad new cybersecurity law aimed at tightening and centralizing state control over information flows and technology equipment. IT security experts from Prevoty and Lieberman Software commented below.
Kunal Anand, Co-Founder and CTO at Prevoty:
“From a digital perspective, doing business in China is going to get a lot more complex. For multi-national companies, this will involve potentially handing over their IP, which could include business logic such as applications, and possibly putting in administrative windows, aka backdoors, into their technologies. Businesses are going to have to be comfortable with giving up control, which will certainly result in further unintended consequences. In the event of a data breach or exfiltration, is it assumed that the government will be held accountable?”
Philip Lieberman, President at Lieberman Software:
“In many ways China is in dire need for better cyber security for many reasons not only related to its own defense, but also to defend the rest of the world from elements within its own country that are causing great harm to others on the planet.
One does not have to go any further than Amazon to see the fraud and deceptions in merchandise as well as rampant electronic fraud launched from China’s shores. One of the largest complaints against China has been the lack of attribution of attackers and fraudsters with the Chinese government denying any knowledge of the destructive behavior.
With a comprehensive legal framework coupled with technology, China can become a better world citizen and be able to respond authoritatively and decisively when criminal activity is launched from their shores. If a US company detects an attack or infiltration from China, and the attack is forwarded to law enforcement within the United States and on to China to put an end to it. With their new framework in place, there will be no denying attribution as well there being little argument about who is doing the misdeed as well there being no excuse for not immediately stopping it. This framework may allow for compensation of US companies (and potentially jail time) for fraud and criminal activity by those in China that chose not to follow the law in both countries.
I have great compassion for the situation in China in that they are trying to grow their economy, but their culture sometimes invites behaviors that can get uncivilized quickly. Consequently, the use of a large hammer tends to work best.
Without question, China will always operate in its own best interest against the needs of foreign interests. Those who operate within its boundaries must conform to their rules whether they like them or not. The concept of fair play and balance of interests is irrelevant to most countries. One does not have to look far at the policies of the EU against the United States and others to find the same self-serving behavior (i.e. privacy regulations, punitive competition laws, etc.). China is not unique in any way compared to other countries and trading blocks, with the exception that they have a unique competence in manufacturing and technology.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.