It's about frickin' time: US govt requires security review for Chinese tech purchases

It's about frickin' time: US govt requires security review for Chinese tech purchases

Summary: We have been letting the fox guard the hen house for far too long, and it's high time the US government did something about it.

SHARE:
56

If you look out the window, you might notice that the moon is blue. If you check the Weather Channel, reports are that hell has indeed frozen over. As unlikely as it may seem, our politicians have apparently done something right.

In order for America's government to fund its operations, programs, and agencies, money has to be allocated for this purpose on a regular basis. In many years, that budget money is allocated through something called a "continuing resolution", which passed in Congress and signed by the President.

A continuing resolution passed this year as well, except this time, it had some teeth, in particular when it comes to China's ongoing acts of apparent espionage and skulduggery.

Put simply, the newly signed 240-page law requires law enforcement authorities to be consulted and to perform a cybersecurity and sabotage risk assessment when buying IT gear.

Here's the hot button, the once-in-a-blue-moon, hell-freezing-over smart move by our politicians. The formal risk assessment by law enforcement must (and I'm quoting the Reuters article that quoted the bill): "... include any risk associated with such system being produced, manufactured, or assembled by one or more entities that are owned, directed, or subsidized by China."

This. Is. Huge.

I'm not going to go over the whole China risk thing in-depth here because we've been down this trail before. See the links at the end of the article for a good set of reads on China's apparent inability to play well with others.

But I will say this: China, by all indications, wants it both ways. They want to sell us gear, bring our currency into their country, and grow their economy with the help of American purchasing power. But they also seem to want to sneak into our computer systems, constantly testing, probing, and attacking our networks, and otherwise cause us harm.

They want to make money from us at the same time they're willing to attack us.

What's been deeply disturbing me for years (and I've been writing about this here on CNN, and even giving lectures and advisories on this to government officials) is that Chinese gear is inside everything we use today.

The motherboard inside the computer I'm using right now was made in China. In fact, the computer I'm using right now was made in China. Your iPhone was assembled in China.

Many of the internal components and entire computers (Lenovo on its way to becoming the world's largest PC producer) are made in China. Telecommunications equipment is made in China. We even did a Great Debate here on ZDNet about whether it was wise to buy networking gear from Chinese Huawei, who has been involved in some dubious doings (and is becoming a major vendor of smartphones as well).

Think back to the Cold War days, when the Soviets and the Americans where banging shoes at each other and threatening total nuclear destruction. Would any of us (or our grandparents, I guess) have thought it made sense to buy security gear from the Soviets?

Of course not. Even the most pacifist peaceniks around would have thought that letting your enemy provide your security wasn't exactly a wise course.

And yet, that's what we've been doing. Nearly all of us rely on gear made by China. Nearly all of our personal and confidential passwords and logins travel over circuits made by China. Many of our networks and network switches, if not made by China directly, have Chinese components.

I applaud this action by Congress and the President (did you ever think I'd ever say anything like that?), and I encourage the government to take even more stringent action and due-diligence against foreign-supplied security equipment.

Related stories

Topics: Security, Government, China

About

David Gewirtz, Distinguished Lecturer at CBS Interactive, is an author, U.S. policy advisor, and computer scientist. He is featured in the History Channel special The President's Book of Secrets and is a member of the National Press Club.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

56 comments
Log in or register to join the discussion
  • Romney wouldn't have signed it

    He actually fired Americans and shipped their machinery and jobs to China. China is his $friend. Elections have consequences.
    D.J. 43
    • Not a political issue

      Romney was a DB, and I proudly voted for Obama. But let's not make this a partisan issue. This is a genuine national security issue, and I'm glad we're starting to get serious about cyber-security when it comes to incredibly complex systems that are perfect candidates for illicit snooping gear.

      I don't say that we flat refuse to buy stuff that's made in China, but perhaps we need some sort of monitoring regime in place to ensure that we're not being shipped computers and components with built-in, remotely activated snooping gear.
      dsf3g
      • cyber security is an issue, and the govt should check what it buys

        but tons of hacking of government systems comes from Europe, the Middle East, and Africa. the fact that they're only targeting China shows this has nothing to do with security- it's just protectionism to give US companies like Cisco a boost.
        theoilman
        • I'm ok with that.

          So, what was your point?
          mlashinsky@...
      • You talk of regulations, which is what the free market people do not want

        So we need another solution.
        HypnoToad72
        • Are you saying China practices free market?

          If so, you have not been paying attention. I feel the response is appropriate -- at least for now.

          Next on the agenda, someone look into the trend of contracting the manufacture of armaments to foreign companies.
          auogoke@...
    • And Obama's friends do the same thing

      and he doesn't bat an eye, so what was your point?
      DontUseGoogleAtAll!
      • And I have a friend that does roofing...

        I don't bat an eye, so apparently I am a roofer in your eyes?
        mrefuman
      • My point:

        Obama actually signed some good policy regarding China. Romney - there would've been no way.
        D.J. 43
      • When? Where?

        Would you care to elaborate? FAUX NEWS innuendo should not be mistaken for facts.

        Thanks in advance.
        auogoke@...
  • China

    America wanted to use China's low cost labor force so it can have cheap gadgets then moans that they have caught up technologically and look like surpassing the USA. Can't have the cake and eat it.

    To use the quote that Admiral Yamamoto never actually said:

    "I fear we have awakened a Sleeping Dragon"
    Alan Smithie
    • Not really true

      technology wise, the US is still ahead, the issue is that we don't have anywhere near the amount of low cost human assemblers that China does.

      That doesn't mean we should start letting them spy on us.
      DontUseGoogleAtAll!
      • All nations spy on each other.

        The USA is no different, I agree that you don't leave the front door open though.

        As for technology, never underestimate your opponent - there are some very brilliant scientists and engineers in China, plus they work damn hard.
        Alan Smithie
        • True, but...

          ...U.S. and other Western corporations have a lot more independence from their respective governments than Chinese ones do.

          In a totalitarian state, there is no such thing as free enterprise, nor can there be.
          John L. Ries
          • Not sure about that John

            In the west, corporations own the politicians. In the east the politicians own the corporations.
            Alan Smithie
          • Free elections make a difference

            In China the politicians are solely responsible to the Communist Party, whichkeeps power by force and intimidation and controls all public communications. Here in the west, there is a choice of candidates and secret balloting, which means politicians have some incentive to pay attention to public opinion when the public is actually paying attention (usually we don't, which is part of the problem). And while the news media are far from perfect, they actually are independent of government. Lobbyists and their employers have the most influence on things the public doesn't understand or care about (like "IP" law) and the least on things the public does understand and cares deeply about (things that might cause incumbents to be unseated if they vote the wrong way).
            John L. Ries
          • That's funny

            You actually think having two political parties running virtually identical candidates and indistinguishable on any policy that matters, means that we have a choice?

            The news media are in theory independent of government, but in reality do the bidding of their corporate owners, who are so deeply embedded with the politicians you might as well call it state-run media.
            PepperdotNet
          • Totalitarian? Go to Beijing and discover otherwise

            I think that those who have never been in China in the last 5 years should check it out twice in their lives. In doing so, you will be totally shocked at how quickly things are progressing there while the US is still holding onto the ancient image of the old communist regime of what China is. The sad truth is that China is becoming more "American", while America is looking more and more like a totalitarian state of China in the past. Just wait and see what happens in the next 4 years in the US. I am soooo sad abouit the lies that are being fed to the public here.
            HardTruth
          • Really?

            Can people badmouth the Communist Party or its leaders without risking arrest? Has the constitutional provision guaranteeing Communist Party supremacy been repealed? Are people allowed to form private organizations independent of Party control (even churches)? Is there even some semblance of an independent judiciary? And why all the effort to block out subversive content residing on foreign websites?

            Just because Mao jackets are no longer in fashion doesn't mean the society isn't still totalitarian.
            John L. Ries
        • So, we should just accept that China

          is spying on us because we are spying on others? Get real!
          auogoke@...