China Moves to Ease Foreign Concerns on Cybersecurity Controls
August 25 2016 - 10:30AM
Dow Jones News
China is taking a more inclusive tack in imposing cybersecurity
standards on foreign technology companies, allowing them to join a
key government committee in an effort to ease foreign concerns over
planned domestically-set controls.
The committee under the government's powerful cyberspace
administration is in charge of defining cybersecurity standards.
For the first time, the body earlier this year allowed select
foreign companies—Microsoft Corp., Intel Corp., Cisco Systems Inc.
and International Business Machines Corp.—to participate as working
group members, letting them actively take part in drafting rules,
rather than as observers, said people familiar with the
discussions.
How much influence the foreign firms will have over committee
deliberations remains to be seen, these people said. Over the past
few months, the committee's seven working groups—which focus on
encryption, big data and other cybersecurity issues—have each met
at least once.
Representatives from Microsoft and Cisco confirmed the companies
are members. IBM and Intel didn't immediately comment.
Taking a more consultative approach marks a shift in tactic for
Beijing after nearly two years of battling the U.S. and other
Western governments, as well as foreign business groups, over
efforts to tighten controls on information technology—in part by
pressuring suppliers to transfer technology and disclose
proprietary information.
"It's still early days, but there are encouraging signs that
China is recognizing the international nature of the tech supply
chain and working more broadly to align its strategy with the
market realities," said Bruce McConnell, a former U.S. Department
of Homeland Security cybersecurity expert who is vice president of
the EastWest Institute, a New York-based think tank, and isn't
involved with the Chinese committee.
Beijing has been intensifying efforts to secure its technology
supplies since Edward Snowden's revelations in 2013 about the U.S.
government's use of American products for espionage. U.S. trade
groups and other critics have said that China is using security
issues as a way to favor domestic tech companies.
China's new approach isn't likely to vent the heat over
technology controls. Earlier this month, 46 trade associations sent
a joint letter to Chinese Premier Li Keqiang saying a draft law on
cybersecurity that would increase government monitoring and mandate
data be stored locally would "weaken security and separate China
from the global digital economy," according to a copy of the letter
reviewed by The Wall Street Journal.
The committee the foreign firms are a part of is at the front of
the struggle over whether China will adopt standards that are
separate or blend with international norms.
Known as Technical Committee 260, or TC260, has the task of
defining what technologies are "secure and controllable," said the
people familiar with the committee.
The term "secure and controllable" appears in a number of
recently adopted and proposed security regulations, but has yet to
be defined in detail.
U.S. companies are concerned that the term will be used to
discriminate against non-Chinese products. Western companies have
already found it harder to sell to Chinese government agencies and
state-owned companies since the cybersecurity push began a few
years ago.
Other standards TC260 is grappling with include those for
rapidly evolving sectors like cloud computing and big data,
according to the people familiar with the discussions.
Originally comprised of 48 members, TC260 was expanded in
January to 81 members, mainly consisting of Chinese officials and
representatives of domestic technology companies.
The Cyberspace Administration of China, the internet regulator
that TC260 reports to, signaled a change in tone in its latest
cyber directives, issued Monday. As with previous ones, the new
guidelines urge stricter controls on cybersecurity, but they place
new emphasis on setting common standards across China's national
and local governments and in influencing global rule making.
"We should energetically participate in the development of
international rules and standards for the internet space, to
strengthen our power of discourse and our influence," the
administration said.
Aside from opening up the committee, Beijing has tried to show
it's responsive to foreign concerns on cybersecurity in other ways.
It suspended rules that would have required the financial sector to
prove their equipment is "secure and controllable" through
intrusive testing and information disclosure.
National security and counterterrorism laws that were passed
last year and that require tech companies to support government
security efforts rolled back some requirements such as encryption
code handover. In July, China took the unusual move of releasing
its draft Cybersecurity Law for a second round of public
comment.
Yang Jie, Don Clark and Jay Greene contributed to this
article.
Write to Eva Dou at eva.dou@wsj.com and Rachael King at
rachael.king@wsj.com
(END) Dow Jones Newswires
August 25, 2016 10:15 ET (14:15 GMT)
Copyright (c) 2016 Dow Jones & Company, Inc.
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Aug 2024 to Sep 2024
Microsoft (NASDAQ:MSFT)
Historical Stock Chart
From Sep 2023 to Sep 2024