Posted by Jonathan Penn on September 14, 2010
My colleague Heidi Shey brought this article to my attention. It talks about how China mandates that government and core industry sectors (banks, transportation, etc. -- what we would refer to as "Critical Infrastructure" sectors) buy certain IT products only from Chinese companies. The attorney quoted in the article says that "Right now, it seems to only affect the companies that are in the information security sector," but the journalist wasn't able to substantiate or refute this. There could indeed be a national security rationale behind this -- however misguided. Of course, this isn't the first time we've seen interests of national security come into direct conflict with interests of corporate security: see RIM's troubles with the BlackBerry in Saudi Arabia, the UAE, and India; or ask a US-based service provider selling to overseas companies about those customers' concerns about whether their data would be exposed to USA PATRIOT Act disclosure). Some vendors I've spoken to speculate (off the record) that this could all be designed to give the Chinese government access to these systems by having the Chinese vendors install back doors. Others think this is simply a matter of funneling business to Chinese companies.
Whatever the reason, I'd be interested to hear from you about whether this is really happening or not. Do you sell security, or other IT infrastructure, products in China? Are you seeing this come up as an issue with Chinese companies in certain industry sectors? Are you seeing anything similar in other countries?