U.S. companies have already begun to lobby against it.

China’s new cybersecurity law, expected to take effect next June, could hurt any foreign firm looking to do business in the world’s second-largest economy. Though the law is intended to fight non-Chinese and Chinese hackers, it also requires that foreign companies provide China’s government with potentially sensitive information about network equipment and software. Given the weaknesses of China’s enforcement of laws around intellectual property, it’s easy to see how trade secrets can fall into the hands of Chinese competitors at the expense of the best interests of foreign firms.

Businesses most at risk will be those with special hardware and systems for network management, which could well include ATMs. Because new-generation ATMs have a much higher level of connectivity, they’re more vulnerable to hacking, which is why they require sophisticated encryption devices and software to secure transactions. This cybersecurity law thus provides the government with the legal tool to obtain all such anti-hacking proprietary security hardware and software, which could then be passed on to relevant Chinese firms. And having access to the hardware and software means firms would have access to individuals’ personal banking information, as well.

The new law is also counterproductive because the scope of information that foreign companies will be required to provide to Chinese officials is worryingly broad. Complying with this requirement will force U.S. firms to make expensive investments to build duplicate facilities within China. This is in total contradiction with the free flow of data, expected to swell in 2020 after the introduction of 5G.

U.S. companies will have to weigh this risk against the opportunity to do business in China, which has developed a reputation for ‘copying’ without getting insider access. For international companies, there is no easy way forward, as the choice is black or white. Either foreign companies will comply, knowing China has a way to peek into what was previously private, or they will choose to stand by principles of privacy at the risk of being excluded from the Chinese market. Despite the challenging dilemma, companies are likely to comply and give in to China’s demands. The market is too huge and far too ripe for future growth to be ignored, especially when compared to more stagnant outlooks in Europe and the U.S.

In addition to creating barriers for international business in China, this kind of legislative move could stall innovation. It could well be considered to be part of what is called “indigenous innovation” in China, which consists of favoring Chinese firms by establishing non-tariff barriers—such as specific standards or regulations on products—in order to prevent non-Chinese firms the access to China’s large and dynamic market. And the impact would be wide-ranging, from consumer electronics to products, such as equipment to produce renewable energy, including windmills and solar panels.

Innovation involves a complex process, but it requires a society to be as open as possible and to allow vibrant exchanges between people. While cybersecurity is important, this law will wrap around the free market as it grips security. Within China, entrepreneurs are, by and large, not bothered by their government’s management of the Internet, called the “great firewall.” However, this new law is a new step to tighten the government’s grip on Internet. Furthermore, far from favoring China’s champions in this very dynamic area, such as Huawei, Lenovo, or Tencent, this law will handicap them in the long term. Maybe the hope is that these companies themselves will fight to alter the law and mitigate the negative implications for China’s Internet landscape.

U.S. companies have already begun to strongly lobby against the law, as well as China’s position that the Internet must be managed by authorities. But despite the efforts of any company, American, Chinese, or other, the cybersecurity law is just a piece of a larger ongoing political puzzle that companies will have to deal with. In the end, agility will be key for companies to succeed in the tense political environment.

Georges Haour is a professor of technology and innovation management at IMD business school and co-author of the new book, Created in China: How China is Becoming a Global Innovator (Bloomsbury, London, 2016).

Source: http://fortune.com/2016/12/01/china-cybersecurity-law-business/

***************************

(CNN)About a year ago, China and the United States formally agreed not to conduct or knowingly support the cyber theft of each other’s intellectual property.

So, how is that agreement working out?
.
Not great, said Adm. Mike Rogers, head of US Cyber Command.
.
“Cyber operations from China are still targeting and exploiting US government, defense industry, academic and private computer networks,” Rogers said last April during testimony before a US Senate committee.
.
Cyber theft of US trade secrets can easily ruin American businesses and result in higher prices for consumers. Even more worrisome, stolen American military secrets could put US servicemen and women at risk during combat.
.
.
“Russia and China are growing more assertive and sophisticated in their cyber operations,” White House spokesman Josh Earnest told reporters last July.
.
China’s cyber tactics may be getting “more assertive,” but the number of China-based hacking instances against the US government and American companies has declined in the past two years, according to US cyber security firm FireEye.
.
Despite all the fingers pointed in its direction, Beijing has long denied any responsibility for hacks and attacks — instead blaming internal “criminals” and rogues.
.
.
In 2004, an FBI probe nabbed an American engineer named Chi Mak who was convicted of trying to send digital information about secret US Navy technology to the Chinese government. The investigation is detailed in CNN’s Original Series “Declassified.”
.

Declassified Ep. 7 Chi Mak 2 _00001419

How the US searched a Chinese spy’s home without leaving a trace 01:16

How cyber spies operate

Sometimes cyber-spy targets might surprise you. A June New York Times report described how Chinese hackers took over a “dusty old computer” at a small welding company in Belleville, Wisconsin, to stage global assaults.
.
“We were totally freaked out,” co-owner Lori Cate told The Times. “We had no idea we could be used as an infiltration unit for Chinese attacks.”
.
CBS News reported on how China-based spies use malware and spear phishing to allow hackers to watch you at your desk without your knowledge. Spear phishing is harmful email disguised to look like it’s from a familiar business or someone you know.
.
The bad guys want you to open the email, click on an attachment and boom — your computer is now working for the spies.
.
.
.
Countries like China are turning “to proxies (to) do their bidding in order to provide plausible deniability,” said Frank J. Cilluffo the director of the Center for Cyber & Homeland Security, during testimony last February before a US House committee.
.
Hacker groups known by names like Deep Panda, C0d0so0 (aka Codoso) have been blamed for raiding computer systems at law firms, banks and Forbes.
.
One group which has been “attributed to China” has been dubbed “Mofang,” reports Wired.
.
“Mofang has targeted government agencies in the US, military agencies in India and Myanmar, critical infrastructure in Singapore, research and development departments of automotive companies in Germany, and the weapons industry in India,” Wired reported in June.
.
Not only could stolen data be used to copy new American products and secret military technology, Cilluffo warned it could be used as a weapon “to blackmail and recruit Americans” — potentially to be forced to act as Chinese agents.
.
Sometimes the espionage is about defending against an enemy.
.
“Beijing also selectively uses cyber attacks against targets it believes threaten Chinese domestic stability or regime legitimacy,” said James Clapper, US director of national intelligence, during congressional testimony last February.
.

What cyber spies want

.

“China’s aggressive collection efforts appear to be intended to amass data and secrets (military, commercial/proprietary, etc.) that will support and further the country’s economic growth, scientific and technological capacities, military power, etc. — all with an eye to securing strategic advantage,” Cilluffo said.
Sometimes the spying may be about getting the inside track.
.
Cyber spying malware has been linked to China in arbitration over islands in the South China Sea claimed by the Philippines but occupied by China, according to a report in The Hill.
.
An antivirus firm called F-Secure found malware linked to China on computers in the Philippines’ justice department, a law firm representing a party in the dispute and members of the Asia Pacific Economic Cooperation Summit, The Hill reported.
.
Sometimes it’s simply about copying hardware.
.
Countries can save untold money and time by stealing information that will help them duplicate rival products and weapons, instead of developing them legitimately. Last March, a 50-year-old Chinese citizen named Su Bin pleaded guilty to conspiring to hack into the computer networks of top US military contractors to pilfer sensitive information to send to China.
.

Last March a man admitted trying to steal data for China about Boeing's C-17 military transport.

He worked with two unidentified people for more than five years to target military data, including information about Boeing’s C-17 transport plane and certain fighter jets, the Justice Department said.
.
.
Clapper: Cyber intrusions blur war and peace
.
Director of National Intelligence James Clapper listens on Capitol Hill in Washington, Tuesday, Feb. 9, 2016, while testifying before a Senate Armed Services Committee hearing on worldwide threats. (AP Photo/Evan Vucci)
.
Overall, China has been successful in using cyber espionage against the US government, its allies and American companies, said Clapper.
.
He predicts China will continue to challenge the US at “lower levels of competition,” including “cyber intrusions, proxies and other indirect applications of military power — that intentionally blur the distinction between peace and wartime operations.”
.
In other words, get used to looking over your shoulder, because it’s likely that the threat of cyber espionage blamed on China will be with us for a long, long time.

http://www.cnn.com/2016/08/23/us/declassified-china-cyber-espionage/

Chinese Curb Cyberattacks on U.S. Interests, Report Finds

WASHINGTON — Nine months after President Obama and President Xi Jinping of China agreed to a broad crackdown on cyberespionage aimed at curbing the theft of intellectual property, the first detailed study of Chinese hacking has found a sharp drop-off in almost daily raids on Silicon Valley firms, military contractors and other commercial targets.

But the study, conducted by the iSight intelligence unit of FireEye, a company that manages large network breaches, also concluded that the drop-off began a year before Mr. Obama and Mr. Xi announced their accord in the White House Rose Garden. In a conclusion that is largely echoed by American intelligence officials, the study said the change is part of Mr. Xi’s broad effort to bring the Chinese military, which is considered one of the main sponsors of the attacks, further under his control.

As a result, the same political forces that may be alleviating the theft of data from American companies are also responsible for Mr. Xi’s stunningly swift crackdown on the Chinese media, bloggers and others who could challenge the Communist Party.

Source (read it all): http://www.nytimes.com/2016/06/21/us/politics/china-us-cyber-spying.html