The US Department of Homeland Security (DHS) this week issued an advisory warning American businesses of cybersecurity risks associated with data services and equipment from firms linked to the People’s Republic of China (PRC).
Noting that the PRC has “both the intent and ability to covertly access data directly through entities under the influence or jurisdiction of PRC laws,” the DHS pegs China-issued IT products and services as “a grave threat to the data security of the U.S. government and U.S. businesses.”
“For too long, U.S. networks and data have been exposed to cyber threats based in China which are using that data to give Chinese firms an unfair competitive advantage in the global marketplace,” said Acting Secretary of Homeland Security Chad F. Wolf. “Practices that give the PRC government unauthorized access to sensitive data – both personal and proprietary – puts the U.S. economy and businesses at direct risk for exploitation. We urge businesses to exercise caution before entering into any agreement with a PRC-linked firm.”
The DHS says the Chinese legislature can compel Chinese companies to collect, transmit and store data that violates international law, and runs counter to US interests.
“Such activities include requiring companies to store data within PRC borders and turning over routine data to the PRC government under the pretense of national security,” according to the agency.
The advisory also claims China has “a history of manipulation, misuse, and exploitation of that data to serve PRC business and economic goals,” and includes a compelling list of such practices over the years.
The notice ends on a negative note, saying that anyone who chooses to ignore these warnings may face legal repercussions.
“Any person or entity that chooses to procure data services and equipment from PRC-linked firms, or store data on software or equipment developed by such firms, should be aware of the economic, reputational, and, in certain instances, legal, risks associated with doing business with these firms,” says the DHS.
The full business advisory can be found here (PDF).