The United States Department of Homeland Security (DHS) recently published an advisory outlining the risks that businesses open themselves to if they use Chinese hardware and software services.
US businesses should steer clear of Chinese hardware and software services. This is the focal point of the guide issued by the DHS recently. The federal agency is urging businesses in the US to avoid completely Chinese-made hardware and services offered by known Chinese companies, particularly those with close links to its government or are in fact state-owned. The warning came amid suspicion that using hardware or software services linked to or produced by Chinese state-owned companies exposes US businesses to hacking and data theft.
DHS advises companies to avoid Chinese hardware and software services | AppleInsider... (https://t.co/Na40it1j3L) — What Digital (@WhatDigital) December 23, 2020
The DHS published a guide outlining the alarming risks that US businesses expose themselves to if they opt for hardware and software services created by companies with links to or owned by the Peoples' Republic of China (PRC). The federal agency also advised US companies to avoid any type of business coming out of the Central or Middle Kingdom.
In a fifteen-page guide entitled "Data Security Business Advisory," DHS began with a warning statement for US businesses about the likelihood of exposing themselves to hacking and data-theft if they use Chinese hardware and software services. "Businesses expose themselves and their customers to an increased risk when they share sensitive data with firms based in the PRC, or use equipment and software developed by firms with an ownership nexus in the PRC," the DHS wrote in its recently published guideline.
Among the risks mentioned by the DHS if US businesses do not avoid using Chinese hardware and software services include theft of intellectual property, confidential business information, and trade secrets. The guideline also states that businesses using such Chinese-made hardware and software services increase the risk of "violations of U.S. export control laws; violations of U.S. privacy laws; breaches of contractual provisions and terms of service; security and privacy risks to customers and employees; risk of PRC surveillance and tracking of regime critics; and reputational harm to U.S. businesses."
The DHS document argues that the 2017 National Intelligence Law of China is a major source of risk, as it "obliges all PRC firms and entities to support, assist, and cooperate with the PRC intelligence services, which creates a legal obligation for those entities to turn over data collected abroad and domestically to the PRC." Because of this, the DHS urges US businesses to avoid Chinese hardware and software services to minimize, if not completely eradicate, the risk.
The Data Security Law of China, which is set will become active in 2021, also did not escape the crosshairs of the DHS. According to the federal agency, the new law gives additional surveillance powers to the Chinese government and it will "force foreign markets to remain open to Chinese data services providers." The DHS, therefore, advised US businesses to avoid using Chinese hardware and software services, including Chinese data centers, and going into ventures with Chinese companies.
