It's about frickin' time: US govt requires security review for Chinese tech purchases
If you look out the window, you might notice that the moon is blue. If you check the Weather Channel, reports are that hell has indeed frozen over. As unlikely as it may seem, our politicians have apparently done something right.
In order for America's government to fund its operations, programs, and agencies, money has to be allocated for this purpose on a regular basis. In many years, that budget money is allocated through something called a "continuing resolution", which passed in Congress and signed by the President.
A continuing resolution passed this year as well, except this time, it had some teeth, in particular when it comes to China's ongoing acts of apparent espionage and skulduggery.
Put simply, the newly signed 240-page law requires law enforcement authorities to be consulted and to perform a cybersecurity and sabotage risk assessment when buying IT gear.
Here's the hot button, the once-in-a-blue-moon, hell-freezing-over smart move by our politicians. The formal risk assessment by law enforcement must (and I'm quoting the Reuters article that quoted the bill): "... include any risk associated with such system being produced, manufactured, or assembled by one or more entities that are owned, directed, or subsidized by China."
This. Is. Huge.
I'm not going to go over the whole China risk thing in-depth here because we've been down this trail before. See the links at the end of the article for a good set of reads on China's apparent inability to play well with others.
But I will say this: China, by all indications, wants it both ways. They want to sell us gear, bring our currency into their country, and grow their economy with the help of American purchasing power. But they also seem to want to sneak into our computer systems, constantly testing, probing, and attacking our networks, and otherwise cause us harm.
They want to make money from us at the same time they're willing to attack us.
What's been deeply disturbing me for years (and I've been writing about this here on CNN, and even giving lectures and advisories on this to government officials) is that Chinese gear is inside everything we use today.
The motherboard inside the computer I'm using right now was made in China. In fact, the computer I'm using right now was made in China. Your iPhone was assembled in China.
Many of the internal components and entire computers (Lenovo on its way to becoming the world's largest PC producer) are made in China. Telecommunications equipment is made in China. We even did a Great Debate here on ZDNet about whether it was wise to buy networking gear from Chinese Huawei, who has been involved in some dubious doings (and is becoming a major vendor of smartphones as well).
Think back to the Cold War days, when the Soviets and the Americans where banging shoes at each other and threatening total nuclear destruction. Would any of us (or our grandparents, I guess) have thought it made sense to buy security gear from the Soviets?
Of course not. Even the most pacifist peaceniks around would have thought that letting your enemy provide your security wasn't exactly a wise course.
And yet, that's what we've been doing. Nearly all of us rely on gear made by China. Nearly all of our personal and confidential passwords and logins travel over circuits made by China. Many of our networks and network switches, if not made by China directly, have Chinese components.
I applaud this action by Congress and the President (did you ever think I'd ever say anything like that?), and I encourage the government to take even more stringent action and due-diligence against foreign-supplied security equipment.
Related stories
Great Debate — Huawei: Should you put it in your data center?
Did Chinese security firm snag too many American security secrets before the barn door closed?
In China, many younger military leaders view America as the ultimate enemy
Dear Mrs. Clinton: whether you believe it or not, China is a threat to America
Pace University forensics expert on China and cybercrime (exclusive video)
Technology policy challenges faced by the U.S. Federal Government (video seminar)
Deconstructing a nasty Chinese World of Warcraft phishing scheme
Why the United States might pay China before we pay our own soldiers
Also see: There are chapters covering China in my book, How To Save Jobs (free PDF download)
And for balance, from ZDNet Asia: Dear America: Enough with the China-bashing already