For years, the nation-state and cybersecurity communities have warned technology companies such as Microsoft, Amazon, and Oracle that rising tensions between the United States and China could ultimately lead to them threatening one of their largest customers, the U.S. government and nation-states. They warned me that I would have to choose between access. Controlled Chinese market. American companies have long had to balance their own values with China's authoritarian demands, including extreme search engine censorship. That was just the tip of the iceberg.
It is now very likely that China's amendments to the State Secrets Law, which will take effect in May, will force this issue.
The law requires Chinese companies to identify and disclose to the government “trade secrets,” non-classified information that the Chinese Communist Party (CCP) deems relevant to national security. The proposed amendment is intentionally vague about what it would cover, allowing China to encourage U.S. tech companies (and, of course, other U.S. companies operating in China) to target the U.S. government or threaten U.S. data security. Enables you to compel the handing over of sensitive information that could have an impact. Americans write big. It's a difficult but binary choice for U.S. technology companies, which have invested billions of dollars to expand their presence in China. If American tech companies refuse to comply, they risk losing access to China's vast market. If they comply, there is a risk that the national security of the United States will be threatened.
To eliminate that risk, the Biden administration and Congress should at least consider banning technology companies that comply with the new rules from pursuing new government contracts.
Technology companies like Microsoft, Amazon, and Oracle are deeply embedded in the U.S. government and enjoy significant advantages thanks to government contracts. For example, Microsoft and Oracle are not competing for about a quarter of federal contracts. Secondary IT providers often “compete” for government business, but because they use the same underlying systems, companies like Microsoft and Oracle always win no matter which bidder is chosen. is guaranteed.
These companies also have large operations in China and large networks of affiliates that work with researchers and universities with direct ties to the Chinese government and military.
These operations risk undermining America's national security interests today. China's familiarity with, and access to, the operating systems that are the core of our defense enterprise is a clear source of vulnerability. As President Xi Jinping consolidates his power, the Chinese Communist Party has imposed increasingly strict rules on foreign companies operating in China, requiring them to comply to maintain market access.
For U.S. technology companies, this means requirements that force them to proactively notify states of cybersecurity vulnerabilities, allowing state-affiliated hackers to exploit zero-day flaws before patches are released. It also means complying with the National Cybersecurity Act, which exposes many of the products the company offers in the United States, including cybersecurity tools sold to the U.S. government, to state-affiliated hackers. Microsoft itself has acknowledged that compliance with these rules has directly led to attacks on governments around the world.
New requirements make that threat risk even greater. U.S. technology companies that conduct research and development in China may also need to create new They will be required to follow strict “official secrecy” rules. It is used in China but is used all over the world, including the United States.
If past is prologue, these companies will choose to follow. China's hacking and espionage programs are already strong, and top U.S. intelligence agencies have expressed concern about China's ability to launch large-scale cyberattacks against U.S. critical infrastructure. The risk increases exponentially as more data flows directly from the U.S. government's largest and most important technology partner to the Chinese Communist Party.
To alleviate this, the Biden administration and Congress can intervene in the same way they have improved U.S. port cybersecurity in recent weeks to stop Americans' personal data from being sold to foreign adversaries such as China. , the threat of Chinese electric car manufacturers needs to be addressed. Issues related to national security.
Actions are needed that reflect the reality that it is becoming increasingly impossible for companies trusted with U.S. national security contracts to maintain significant operations in China. Lawmakers should take new steps to move China to a procurement system that excludes companies that comply with state-mandated disclosures from consideration for future government contracts.
Requiring companies to choose between the U.S. and China ensures that the U.S. government's chosen technology partner shares national security priorities, ensuring the safety and security of the tools the government relies on. can be increased.
Paul Rosenzweig He is the founder of Red Branch Consulting, a homeland security and cybersecurity consulting firm, and a senior advisor to The Chertoff Group. He previously served as the Deputy Assistant Secretary for Policy at the Department of Homeland Security, and currently serves as a professor and lecturer in law at George Washington University and a senior fellow in the Technology, Law, and Security Program at American University's Washington School of Law.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
