The Chinese government has tightened data privacy regulations, bringing cloud computing and the internet of things under the ambit of its existing "multilevel protection scheme" (MLPS), according to news reports.
The new norms are intended to fortify information security, the Financial Times reported citing confidential government documents. As a result, foreign businesses in China are facing new administrative probes. The developments come amid flaring tensions between the country and the Western hemisphere following allegations of state-monitored data snooping by Chinese companies, particularly telco Huawei.
Richard Dearlove, former head of UK’s MI6 foreign intelligence service, reiterated his stand that the Chinese telecom giant poses a "grave security risk" to the country and the government should rethink its decision to allow the company a restricted role in setting up 5G networks, reports Reuters.
Dearlove earlier warned that Huawei could "disrupt national security" in the event of a crisis if the company were help to be a part of building the high-speed 5G internet infrastructure in the UK. The final government decision on Huawei’s role is yet to be announced.
Meanwhile, the US has blacklisted Huawei and 70 affiliates, banning the company from acquiring components and technology from U.S. firms without government approval. An executive order from the US president on 15 May stated that "foreign adversaries are increasingly creating and exploiting vulnerabilities in information and communications technology and services" the country increasingly depends on.
The emergency blanket ban covered foreign-designed, developed, manufactured or supplied information and communications technologies. Huawei responded that it is willing to discuss measures to ensure product security with the US government.
"Restricting Huawei from doing business in the US will not make the US more secure or stronger; instead, this will only serve to limit the US to inferior yet more expensive alternatives, leaving the US lagging behind in 5G deployment, and eventually harming the interests of US companies and consumers," the company said in the press statement. "In addition, unreasonable restrictions will infringe upon Huawei's rights and raise other serious legal issues," it added.
In an email to SC Media UK, Brian Higgins, security specialist at Comparitech.com, commented: "The Executive Order is very broad in scope and paves the way, as with many of its predecessors, for an abundance of legal challenge.
"The issue for the UK is that we sit within the supply chain of the United States in every sector. After the Target attack a couple of years ago (where network access was achieved via contractors), the US is rightfully cautious of such vulnerabilities.
"The impact can be reasonably dealt with by a common-sense approach to necessity and proportionality. If you are GCHQ (Government Communications Headquarters) and need to share sensitive intelligence, then you will undoubtedly have to purge your network of any devices deemed threatening. If, however, you make the odd Skype call to your NY office, you might just need a new tablet."
He concludes: "The more sensible approach is to make sure your own cyber-hygiene is contemporarily sound and then ask your US partners/customers etc. what reasonable adjustments would be appropriate to continue doing business."