The ongoing cyber brinksmanship between the United States and China continued on Jan. 21 as Reuters reported that Beijing told Chinese firms not to purchase cybersecurity software from at least a dozen U.S. and Israeli companies.While it’s not fully clear which companies are on the list, Reuters sources close to the situation reported that Palo Alto Networks, VMware and Fortinet were among the American companies listed, and Israel-based Check Point Software was also named.Chinese authorities expressed concern that the cybersecurity software could collect and transmit confidential information abroad, said the sources cited in the report, who declined to be named because of the sensitivity of the situation.“The timing suggests this is at least partially retaliatory,” said Michael Bell, chief exeutive officer at Suzu Labs. “The companies named — Palo Alto Networks, Fortinet, VMware, and Check Point — have significant presence in China. They’ve also published reports attributing cyberattacks to Chinese state actors, which doesn’t help their position in Beijing. The larger pattern is clear. Technology supply chains are fragmenting along geopolitical lines. Cybersecurity is just the latest front.”Bell said for enterprises operating in both markets, this accelerates the “two stack” reality. Vendors may need one set of security tools for China operations and another for everywhere else. That’s expensive, complex, and creates its own security risks when it’s very hard to maintain consistent visibility across the global environment, said Bell.Related reading:Patrick Hinojosa, former chief technology officer at Panda Security, explained that Chinese authorities removed Symantec and other foreign security firms from their approved supplier lists in 2014. This followed over 10 years of the Chinese government putting up road blocks to U.S. and sometimes Israeli IT security products being sold to consumer, government and corporate entities. “These anti-free market actions included making opening offices in China to sell from very difficult,” said Hinojosa. “In the past, giving bribes to government officials in China, plus turning over trade secrets of their security products has been required in order to gain approval to sell into the Chinese market. Throughout this timeline the U.S. government banned different hardware from being sold to China due to national security concerns.” Hinojosa added that complaints have been made to the U.S. government and Congress over this for couple of decades, but no real action was ever taken to confront the Chinese government.“Therefore this is nothing new and not a big hit for the U.S. or Israeli companies as China has never allowed full market access in this product area,” said Hinojosa.
Suzu Labs’ Bell pointed out that the cybersecurity angle is particularly sensitive because security software has deep access to networks and endpoints. Bell said Beijing’s stated concern — that U.S. and Israeli vendors could collect and transmit data abroad — mirrors the exact concerns Washington has raised about Chinese technology. Both sides are now applying the same logic, noted Bell.Bell offered up a chronology for readers to get up-to-speed:
link