China allows foreign tech firms to participate in creating cyber-security standards

China has signaled an interest in a global approach to developing the country’s cyber-security standards for foreign technology companies.
China has signaled an interest in a global approach to developing the country’s cyber-security standards for foreign technology companies.

China appears to have taken a more global approach to discussions involving the country's cyber-security standards. For the first time, the country has allowed foreign technology companies to participate in creating cyber-security standards, according to a report in the Wall Street Journal.

China has allowed Microsoft, Cisco, Intel, and IBM to join a cyber-security advisory committee known as Technical Committee 260 that has been tasked with defining China's standards that constitute “secure and controllable” technologies, the Journal reported, citing individuals familiar with the matter.

The term “secure and controllable” has generally been used to refer to Chinese intellectual property, Adam Segal, director of the digital and cyber-space policy programme at the Council on Foreign Relations (CFR) and the Ira A. Lipman chair in emerging technologies and national security, told SCMagazine.com.

Representatives for Microsoft and Cisco confirmed to SCMagazine.com that the companies are members of the committee, which is also known as TC260. Intel and IBM did not respond to this publication's requests for comment by press time.

The committee, also known as TC260, is involved in discussions of data storage and encryption, the report said. The move may mark a shift in China's aggressive cyber-security policies, although policy professionals are hesitant to place too much emphasis on the development.

Bruce McConnell, vice president of the EastWest Institute, told SCMagazine.com that US companies' involvement in these policy discussions at an early stage is “a promising development,” although he cautioned that it is “too soon” to conclude a “major shift” in China's approach.

The tone of US-China cyber-security has “improved somewhat” since the cyber agreement signed by the two countries last September, he said.

The recent developments are not “necessarily driven by privacy” as much as they are motivated by concerns that Chinese global competitiveness could be negatively impacted in the long term by legislation that uses cyber-security standards to keep Western companies out of Chinese markets, Segal told SCMagazine.com.

In December, China's legislature approved an anti-terrorism draft legislation that would require companies provide technical assistance to Chinese authorities or turn over user data in terrorist investigations. An earlier draft of the legislation included a provision requiring companies to decrypt information for Chinese authorities.

“There is a growing realisation that it becomes increasingly difficult” for companies to adhere to multiple national security agendas, said Segal. The approach leads to “lots of competing standards.”