web analytics

New Chinese Counterespionage Law Aimed at US Tech Sector – Source: www.databreachtoday.com

new-chinese-counterespionage-law-aimed-at-us-tech-sector-–-source:-wwwdatabreachtoday.com
Rate this post

Source: www.databreachtoday.com – Author: 1

Cyberwarfare / Nation-State Attacks
,
Fraud Management & Cybercrime
,
Government

Experts Say China Aims to Retaliate Against US Tech Companies, Dissidents

Jayant Chakravarti (@JayJay_Tech) •
July 5, 2023    

New Chinese Counterespionage Law Aimed at US Tech Sector
Shanghai, China (Image: Shutterstock)

China on July 1 set into motion a revamped Counter-Espionage Law that seeks to protect national security agencies and documents, data, and materials related to national security from foreign adversaries. The measure gives Chinese authorities sweeping powers to investigate and even seize property of companies doing business in China.

See Also: Live Webinar | Reclaim Control over Your Secrets – The Secret Sauce to Secrets Security

China’s National People’s Congress first passed the Counter-Espionage Law in November 2014, signaling the Chinese Communist Party’s intent to safeguard state secrets the party designated as critical to national security, giving security agencies the power to take proactive action against suspected espionage activities.

The revised law, passed by the National People’s Congress Standing Committee on April 26, went into effect on Saturday and covers all forms of cyberattacks that target government bodies and China’s information infrastructure.

The revised law grants “state security organs,” the armed forces, the CCP and public institutions the power to proactively respond to all forms of network attacks, attacks on critical information infrastructure, and those that aim to obstruct, control or disrupt government functions. It also gives the government power to take legal action against foreign institutions suspected of carrying out espionage activities.

“Acts of espionage endangering the PRC’s national security that are carried out, instigated or funded by foreign institutions, organizations or individuals, or that are carried out by domestic institutions, organizations or individuals colluding with foreign institutions, organizations or individuals must be legally pursued,” it reads.

The revised law also gives agencies the power to “inspect the electronic equipment, facilities and related programs and tools of relevant individuals and organizations,” and seal or seize property if the entity under investigation fails to employ immediate corrective measures.

US Businesses Face Growing Uncertainty

Even before the revised law took effect, Chinese authorities had raided the Chinese offices of consulting firm Capvision and U.S. firms Bain & Company and the Mintz Group, detaining several employees. U.S. Chamber of Commerce President and CEO Suzanne Clark said the revised law and China’s raids on Western due diligence and consulting firms “ratcheted up risk and uncertainty in the market.”

Clark said China’s recent policy tools and practices are like economic coercion, extreme forms of digital protectionism and military-civil fusion, and they have made the world less secure. Clark hinted at pursuing supply chain alternatives in other countries. “Make no mistake, national security must come first – but it doesn’t have to come at the expense of our economic future,” she warned.

Billionaire investor Mark Mobius, who in March struggled to withdraw funds from China, told Fox Business that doing business in China is becoming increasingly problematic. “China also is trying to attract American companies to come into China, and of course, they will try to get information from these companies as much as they can. So it’s a real dilemma,” he said.

China’s increasing protectionist measures have the potential to deter foreign investment. The Cyberspace Administration of China in May banned sales of U.S. chipmaker Micron’s products following a cybersecurity review that revealed “relatively serious security issues” (see: China Bans Micron Chip Sales).

“Beijing intends to strengthen its grip over information in Chinese territory and uses the lucrative Chinese market to play its cards right,” said Sameer Patil, senior fellow at New Delhi-based policy think tank Observer Research Foundation. “Beijing wants foreign businesses to operate in China but the stability and continuity of the Chinese Communist Party is its foremost national security objective.”

Patil said Beijing defines national security based on its objectives, but this creates a gray area for foreign businesses as they may not know which action of theirs could trigger the CCP to action. China’s counterespionage actions could affect the data security of technology companies the most, depending on the nature of the data that authorities intend to access.

China’s Tech Dominance at Stake

Patil said that China wants to encourage the domestic technology ecosystem, surge ahead of the United States in technological dominance and deploy executive action to ring-fence its technology sector from potential espionage efforts, similar to how it implemented its own web firewall.

Kaushal Chandel, assistant professor at the New Delhi-based Jawaharlal Nehru University Center for Chinese and South East Asian Studies, said China’s law is another indication of the regime’s growing assertiveness. China is willing to send out the message that it can prosecute any foreign company in response to U.S.-led economic or technology sanctions.

Chandel said the new law could also be the party’s way to tackle rising discontent among Chinese citizens. “A significant percentage of citizens were not happy with [Xi] Jinping becoming the chairman of the CCP for the third time, and recent economic woes and the government’s alleged mismanagement of the COVID-19 pandemic added to their discontentment,” Chandel said. “The new law could let the government crack down on people who may create disturbances or agitate against the CCP. The regime’s security is of upmost importance to the government,” he said.

But China’s options may be limited. Patil said the CCP’s aggressive posture may placate the domestic audience, but if there is no prosperity, it may dent the legitimacy of the party. “China may be forced to selectively apply provisions of the law to ensure foreign technology companies are not driven out of the market. It needs to take corrective measures to ensure that tech investors continue to invest and the economy grows.”

Amit Bhandari, senior fellow at Mumbai-based public policy think-tank Gateway House, said the growing economic and geopolitical U.S.-China rivalry will continue to affect companies doing business in China, and businesses will have to create a separation between their Chinese and non-Chinese arms to avoid sanctions or scrutiny.

Bhandari cited the example of U.S. venture capital giant Sequoia Capital splitting off its Chinese division in June after U.S. President Joe Biden signaled the government’s intent to prescreen U.S. investments in China’s artificial intelligence and semiconductor sectors.

“Foreign governments are beginning to realize that there is no real separation between the Chinese government and Chinese private companies. The U.S. and Canada recently took steps to prevent the acquisition of domestic companies by Chinese enterprises and investigate investments in Chinese businesses,” he said. “Businesses operating in China face the possibility of reciprocal action from China.”

Original Post url: https://www.databreachtoday.com/new-chinese-counterespionage-law-aimed-at-us-tech-sector-a-22463

Category & Tags: –

Views: 0

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

Nathalie Cole
How Much 10 Companies Paid Their Virtual CISO Service in 2022 Benchmark by Nathaniel Cole
How Much 10 Companies Paid...
Tushar Subhra Dutta
Top 10 Cyber Attack Maps to See Digital Threats 2022 by Tushar Subhra Dutta – Cyber Security News.
Top 10 Cyber Attack Maps...
Microsoft
Microsoft Zero Trust Maturity Model
Microsoft Zero Trust Maturity Model
US Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools & Activities by American Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools...
Microsoft
Microsoft 365 and the NIST Cybersecurity Framework
Microsoft 365 and the NIST...
ACSC Australia
Cyber Incident Response Plan Template by ACSC & Australian Goverment
Cyber Incident Response Plan Template...
Marcos Jaimovich
The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.
The Silent Spectre Haunting Your...
Marcos Jaimovich
Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?
Goodbye to Traditional: Why Conventional...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...

LASTEST PUBLISHED POSTS

CASOS DE USO APLICABLES EN UN SIEM
CASOS DE USO APLICABLES EN...
IGNITE Technologies
Burp Suite for Pentester
Burp Suite for Pentester
The Institute of Internal auditors
Auditing Risk Culture
Auditing Risk Culture
DevSecOps Guide
ATTACKING PHP APPLICATIONS
ATTACKING PHP APPLICATIONS
DevSecOps Guide
ATTACKING KUBERNETES WITH SECURITY BEST PRACTICE
ATTACKING KUBERNETES WITH SECURITY BEST...
CLTC WHITE PAPER SERIES
Guidance for the Development of AI Risk and Impact Assessments
Guidance for the Development of...
Active Directory
Active Directory IT AuditChecklist
Active Directory IT AuditChecklist
A guide to business continuity planning
A guide to business continuity...
LOG RHYTHM
Using MITRE ATT&CK™ in Threat Huntingand Detection
Using MITRE ATT&CK™ in Threat...
Kaspersky
H2 2023 – A brief overviewof main incidentsin industrial cybersecurity
H2 2023 – A brief...
Andrey Prozorov
24 Great Cybersecurity Frameworks
24 Great Cybersecurity Frameworks
ENISA-EUROPA
SEGURIDAD DE TELECOMUNICACIONES
SEGURIDAD DE TELECOMUNICACIONES

More Latest Published Posts

SF-ISAC
Digital Operational Resilience Act
Digital Operational Resilience Act
SYNGRESS
DIGITAL FORENSICS WITH Open Source TOOLS
DIGITAL FORENSICS WITH Open Source TOOLS
IT REVOLUTION DEVOPS ENTERPRISE FORUM
DevOps Automated Governance Reference Architecture
DevOps Automated Governance Reference Architecture
SANS GIAC CERTIFICATIONS
Detecting Attacks on Web Applications from Log Files
Detecting Attacks on Web Applications from Log Files
EUROPEAN DATA PROTECTION SUPERVISOR
ANNUAL REPORT 2023
ANNUAL REPORT 2023
TechTarget
IT Disaster Recovery Plan Template
IT Disaster Recovery Plan Template
Opstune
IOC Scan Framework v2.0
IOC Scan Framework v2.0
Federal Office for Information Security
Indirect Prompt Injections
Indirect Prompt Injections
the Department of the Environment Climate and Communications
Guidelines on CyberSecurity Specifications
Guidelines on CyberSecurity Specifications
Edelman
INCIDENT RESPONSE REFERENCE GUIDE
INCIDENT RESPONSE REFERENCE GUIDE
Security METRICS
Security Metrics Guide to PCI DSS Compliance
Security Metrics Guide to PCI DSS Compliance
SOC TIPS Cybersecurity
Guia de Resposta a Incidentes de Segurança para LGPD
Guia de Resposta a Incidentes de Segurança para LGPD
CDCP
FIREWALL Audit CHECKLIST
FIREWALL Audit CHECKLIST
GitGuardian
Secrets Management Maturity Model
Secrets Management Maturity Model
MegaCorp One
Sample Penetration Test Report
Sample Penetration Test Report
FORTINET
Routing in FortiGate
Routing in FortiGate
FUTURE OF PRIVACY FORUM
Risk Framework Body Related Data (PD) Immersive Tech
Risk Framework Body Related Data (PD) Immersive Tech
ENISA
Remote ID Proofing Good Practices
Remote ID Proofing Good Practices
Google
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Why Red TeamsPlay a Central Rolein Helping OrganizationsSecure AI Systems
Red Canary
Threat Detection Report 2024
Threat Detection Report 2024
HADESS
Pwning the Domain Persistence
Pwning the Domain Persistence
Australian Goverment
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
PROTECTIVE SECURITYPOLICY FRAMEWORKSecuring government business:Protective security guidance for executive
CISC (Comité Internacional Sobre Ciberseguridad)
Política Nacional de Ciberseguridad 2023-2028
Política Nacional de Ciberseguridad 2023-2028
Google
Perspectiveson Securityfor the Board
Perspectiveson Securityfor the Board
HADESS
OSINT Method for Map Investigations
OSINT Method for Map Investigations
CCN-CERT
Observatorio Riesgos Ciberseguridad 2024
Observatorio Riesgos Ciberseguridad 2024
CYBERTHEORY
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
The ISMG Cybersecurity Pulse Report 2024 is a treasure trove of insights from the RSA Conference, revealing the dynamic landscape of cybersecurity. From AI to Zero Trust: A comprosive guide to the key themes and expert opinions from RSA CONFERENCE 2024 – #RSAC2024
FORTINET
Bloking Malware Through Antivirus Security Profile in FortiGate
Bloking Malware Through Antivirus Security Profile in FortiGate