On Nov 1, 2012, at 1:43 AM, Dan Ballance wrote:
> Hi guys,
>
> I greatly respect the collective knowledge about security matters on this
> list. What do you make of this BBC report? Here in the UK we are seeming
> happy to do business with China, but other countries are blocking over
> alleged security concerns. Do you think these concerns are legitimate or is
> this purely political protectionism?
>
> http://www.bbc.co.uk/news/business-20163907
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
There are two main ways businesses are at risk when dealing with China:
a) Trying to business _in_ China, the authorities won't let you setup shop
directly, but instead force you into a "joint venture" with an established (and
state-supported) Chinese company. In order to make and sell your products, you
have to transfer a lot of intellectual property to the joint venture. Guess
what happens to that intellectual property? Pretty soon there are multiple
Chinese companies making exactly the same thing you make, but selling for a lot
cheaper, and maybe not only in their domestic market.
b) Deploying Chinese-built infrastructure components in critical areas of your
country. There's a lot of hype about backdoors, but IMO the biggest practical
risk is the technical experts they send to do the support. Do people do
background checks on the support experts they send in who will have privileged
access and debugging capabilities? I doubt it. Maybe they don't even steal any
information directly, but simply file reports on how the infrastructure is
designed and connected. That information alone has strategic value.
Related to the original article, simply selling a stake as an investment
doesn't appear to be all that risky. It's a question of what access is granted
as a part of that investment. Do they get access to board members, to sensitive
financial data? If there's no access to non-public data or trade secrets, then
there wouldn't appear to be much risk.
Are politicians exploiting China-bashing for votes? Absolutely. Just like any
major issue, people are trying to hitch their wagon to it in improbable ways.
That doesn't mean there isn't any truth to it.
If you're a business going into China, know that their goal will be to replace
you with domestic companies within several years. Don't get bullied into
stretching past your risk tolerance. They're really good at making it seem like
you have a huge opportunity, if only you give in just a little bit more...
--
chort
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
