site: HOME > > Economic > News > Nation
Cyber Security: A View from China
Summary:"If we're classified as an enemy country like Iran is and are attacked, when encountering a flame virus like Stuxnet the country's electrical grid and entire economy could be paralyzed."

By Cao Xingbi (曹惺璧)
Issue 610, Mar 11, 2013
Business Review, page 44
Translated by Zhu Na
Original article: [Chinese]

The world is becoming more and more reliant on information technology, but China must face up to the reality of just how much of its IT infrastructure in key fields such as finance, energy, and telecommunications relies on foreign technology.

Data centers at China's four major state-owned banks, and many city commercial banks, depend on equipment from the U.S. based Cisco Systems. Cisco also holds more than 70 percent of the market share when it comes to the systems that help China's financial industry operate. In customs, public security, industry and commerce, education and other government ministries and agencies, Cisco holds over 50 percent of market share; in airports and ports, its market share reached over 60 percent. In China's internet industry, Cisco's market share reached about 60 percent. In the field of media, its share has reached more than 80 percent.

Information security is no longer a simple business issue. It's a matter of national security. However, our awareness, management and legislation in this area is far less than what's needed.

A Crisis More Serious than Imagined

Nearly 8.9 million PCs were hijacked in China in 2011 by close to 50,000 foreign IP addresses operating as Trojans or botnet control servers, according to a report released by the National Computer network Emergency Response technical Team (CNCERT), which operates under the Internet Emergency Response Coordination Office (中国国家互联网应急中心) of the Ministry of Industry and Information Technology (MIIT).

According to a CNCERT report released earlier this month, the number of hijacked computers rose to over 14 million in 2012.

"During this instance of American's hyping of the "China threat" (中国威胁论), there's been reference to this concept of "command and control centers," the Director of the Institute of National Network Information Security Technology Research (INNISTR), Du Yuejin (杜跃进), said at a recent forum on state security and information sovereignty held by the EO. "In fact, many of these command and control command centers are in the United States."

INNISTR was involved in research on the underground hacker industry in 2006 that found that hacking had caused upwards of 76 million yuan of losses for the state in that year.

However, the consequences can be even more serious. On May 15, 2009, network outages occurred across China after hackers launched a distributed denial of service (DDoS) attack against the servers of DNSPod, a Chinese DNS (domain name system) provider and domain registrar. As DNSPod's servers were also used by Baofeng, a highly popular Chinese video streaming service, the attack soon triggered a chain reaction that ended up effecting hundreds of millions of internet users.

As users become more interdependent and networks more complex, even a small problem can now cause chain reaction. A small action by a hacker, even if that's not their goal, has the potential to paralyze an entire network.

Cisco, the world's largest networking equipment manufacturer, has frequently shown security vulnerabilities. In 2005, Michael Lynn, a famous American computer security expert, exposed major vulnerabilities in Cisco's Internetwork Operating System that the company had failed to warn its users about.

"In the event of a conflict, Cisco's equipment could play a significant role," said Cui Guangyao (崔光耀), executive editor of China Information Security magazine. "If we're classified as an enemy country like Iran is and are attacked, when encountering a flame virus like Stuxnet [a computer worm believed to have been created by the U.S. and Israel to attack Iran's nuclear facilities] the country's electrical grid and entire economy could be paralyzed."

Independent and Controllable Consensus

Some experts in the field of cyber security have suggested some countermeasures to threats against information security.

Firstly, information security needs to be raised to the national level with a top-down strategy.  

Network infrastructure is often used in key areas related to the national economy, people's livelihood, and national security. Therefore, the U.S. would opt for home-grown technology rather than use equipment produced by Huawei.

However, for the past several years China has welcomed many foreign companies, even provided them with special treatment, under the mindset of "GDP first". Under these conditions, Cisco thrived in China, where it made 30 percent of its global profits. Now, Cisco's telecommunications equipment is widely used in China's commerce, education and government sectors. "The importance of security in the electronic information field cannot be measured by GDP," said Ni Guangnan (倪光南), an academic at the Chinese Academy of Engineering.

Secondly, legislation concerning this issue needs to be enhanced. Zhao Zhanling (赵占领), a researcher at the Intellectual Property Center of China University of Political Science and Law, says that although the legislation of information security was improved last year, there are still many shortcomings. Current legislation emphasizes the security of information resources including the security of contents and personal information protection, but legislation is still lacking for the security of the information infrastructure itself.

Thirdly, China needs to become more independent. According to Du Yuejin, China's dependency on foreign products puts it at great risk.

Of course, in order to lessen dependence on foreign companies, domestic enterprises should strengthen their own research and development capabilities.

Finally, China must be bold in making its voice heard in the international arena. China rarely speaks out in the information security field and the Chinese media seldom reports on this topic. As a result, the "hacker threat" narrative is directed at China by other countries, but no one hears China's voice. 

Related Stories


Comments(The views posted belong to the commentator, not representative of the EO)

username: Quick log-in

EO Digital Products

Multimedia & Interactive