When it comes to America's cybersecurity, I've been concerned about China's motivations and actions since at least 2008.
In "The Coming Cyberwar" in The Journal of Counterterrorism and Homeland Security, I detailed rumors of a suspected Chinese cyberattack that took out 9,300 square miles of electrical service. Later, in 2009, I asked CNN's audience if China is friend or foe.
More recently, National Defense Magazine reported that China apparently hijacked more than 15% of the world's Internet routes for about 18 minutes (what is it with 18 minutes, anyway?) and had the potential to listen in on vast amounts of traffic.
In my article "State-sponsored cyberterrorism" for Counterterrorism Magazine (no online link, sadly), I wrote about how the 2009 Report to Congress of the U.S.-China Economic and Security Review Commission described Chinese penetration attacks against U.S. security facilities going back to 2007. Here's the important summary quote:
A large body of both circumstantial and forensic evidence strongly indicates Chinese state involvement in such activities, whether through the direct actions of state entities or through the actions of third-party groups sponsored by the state.
Our relationship with China is complex.
China is also America's largest creditor. When our government decides to spend more money it doesn't have, it's often China that covers the check. Our debt to them is reputed to be in the trillions of dollars.
Here on ZDNet Government, I've also talked about how concerned I am with some of China's military actions and attitudes towards the United States.
Most recently, I wrote about how a Chinese company called Huawei Technologies had acquired massively scalable supercomputer technology from a defunct U.S. firm -- and the possible risks that might present to American security.
Huawei Technologies is a $28 billion telecommunications technology company with more than 110,000 employees. Huawei is not just some company, though.
In the Office of the Secretary of Defense Annual Report to Congress, Military Power of the People’s Republic of China 2008 (PDF), SECDEF described how Huawei maintains close ties with the Chinese People’s Liberation Army. The report also states:
Beijing is also emphasizing integration of defense and non-defense sectors to leverage the latest dual-use technologies on the market and the output from China’s expanding science and technology base.
All of this is cause for American security concern.
It is becoming more and more clear that China is a threat to American security and, in my professional opinion, we are in a digital Cold War with China and may have been since the middle of the last decade.
The latest threat may hit closer to home: on our own PCs. According to the Japan-based Asian affairs publication The Diplomat, Huawei may be getting (or may already have) access to your PC via Symantec intellectual property.
In fact, you may -- right now -- be relying on Huawei to defend your PC from intruders, including those coming from China. Talk about the fox guarding the hen-house!
As it turns out, Huawei formed a partnership with Symantec (makers of some of the most widely used anti-malware software) called Huawei Symantec Technologies Co. Ltd. The venture is located in Chengdu, China, and Huawei owns 51% of the partnership.
This venture "inherits and further develops Huawei's accumulative strength in all IP-based product solutions, and technologies; possesses well-consolidated advantages in the field of infrastructure networks." In addition, the venture "incorporates Symantec's leading edge core IPR and software capability."
Now, here's where it gets creepy. According to slide 12 of the SlideShare presentation about the Huawei Symantec partnership, one of the goals of the company is to "build China’s first laboratory of attack and defense for networks and applications".
Read that carefully: attack and defense. Not just defense. Attack and defense.
In other words, a company with close ties to the Chinese PLA, a company with apparent access to (and possibly providing code for) one of the most commonly used anti-malware products in the world, has -- as one of its strategic goals -- the development of a laboratory for both cyberdefense and cyberattack.
Many of us rely on Symantec products to defend ourselves against cyberattacks coming from individuals, organized crime syndicates, and nation states (including China). If we're using software possibly built by the attackers to defend against the attackers, what's wrong with this picture?
Symantec's partnership with Huawei may be completely innocent -- Huawei is a partner of Motorola and others -- and great products may result. But if we are in a cyber cold war, back-channel deals could have a way of turning into back-door vulnerabilities. It may well be possible that many of us have unwittingly opened our computers to the enemy -- and paid actual cash for the privilege of doing so.
Big disclosure statement: Let's run down the list. I am a regular contributor to Counterterrorism Magazine and cyberwarfare advisor to its parent organization, the International Association of Counterterrorism and Security Professionals. I am also a member of the National Defense Industrial Association, the organization that produces National Defense Magazine. I am also a CNN Contributor for the Anderson Cooper 360 program. And, for a short time back in the 1980s, I was a senior executive at Symantec.
Do you use Symantec products? How safe do you feel? What about other antivirus and anti-malware products, many of which are also produced by foreign companies? Do you think China is going to become a problem for America? TalkBack below.