China policy could force foreign security firms out
IDG News Service - China is stepping up efforts to keep the security systems that protect its critical infrastructure in the hands of local firms, and that could be bad news for companies based outside the country.
China has started sending out inspectors to check for compliance with a little-known initiative called the Multi-Level Protection Scheme (MLPS), the Associated Press reported Wednesday. Introduced three years ago by China's Ministry of Public Security, it mandates that core products used by government and infrastructure companies such as banks and transportation must be provided by Chinese companies.
Over the past year, government inspectors have been telling some companies that they must switch to Chinese firewalls and other types of security technology, the AP said.
The development could force security vendors such as Cisco Systems and Symantec out of important parts of the growing market, or force them to partner with local businesses, said Stephen Kho, senior counsel with Akin Gump Strauss Hauer & Feld, an international law firm based in Washington. "Right now, it seems to only affect the companies that are in the information security sector," he said.
The MLPS regulations have been public since 2007, but it wasn't clear until recently that China would actually enforce them, Kho said. "When they put this one in place, nobody really paid any attention to it," he said. "A lot of times these laws stay on the books and they do nothing."
Critics worry that China may be leveraging security concerns to shut down free trade in its growing security products market.
The MLPS covers critical infrastructure companies, and China has said most government agencies and state-owned companies must be fully compliant by this year, according to a recent report by the American Chamber of Commerce in China. This requirement could have "serious implications" for companies that sell to critical infrastructure operators in China, the report states.
The MLPS is just one of several policies designed by China over the past few years to spur homegrown technology development. Groups like the American Chamber of Commerce worry that they simply close out foreign competition. "[P]olicies that China is adopting under the banner of 'indigenous innovation' are increasingly closed and protectionist in nature," the group wrote in its report.
In a blog post last year, Oracle Director of Standards Strategy and Policy Trond Undheim said other laws and regulations are also at play here, including the Chinese Compulsory Certification (CCC), which requires the disclosure of intellectual property in some security products.
"China is at the moment poised to limit the global IT industry's footprint in their country," Undheim wrote. "They have devised a quite devious set of schemes to do this, centered around IT security legislation."
Reached Thursday, Juniper Networks, Symantec and Trend Micro all declined to comment on the matter. Cisco and McAfee did not immediately respond to requests for comment.
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Defense throughout the Vulnerability Life Cycle with Alert Logic Threat and Log Manager New security threats are emerging all the time, from new forms of malware and web application exploits that target code vulnerabilities to attacks...
- QA Automation: Reducing Test Execution While Improving Coverage A leading capital investment firm in the US was in need of a comprehensive, cost effective and flexible solution to reduce their existing...
- Protect your brand with Alert Logic PCI DSS compliance solutions Alert logic's cloud-powered solutions help organizations that process, store or transmit credit card data eliminate the burden of PCI compliance. This product brief...
- Expert Panel: Enterprise Mobility and Data Loss Prevention When it comes to enterprise mobility, it's not just about devices, it's about the way people work. Hear this expert panel discuss the...
- Princess Cruises collaborates across the globe in the IBM cloud Norm Ayers, Director of Emergency Response and Social Projects at Princess Cruises explains how IBM and Cloud helped the company rapidly scale its... All Management White Papers | Webcasts