The US Department of Homeland Security has published a “business advisory” today warning US companies against using hardware equipment and digital services created or linked to Chinese companies.
The DHS said that Chinese products could contain backdoors, bugdoors, or hidden data collection mechanisms that could be used by Chinese authorities to collect data from western companies and forward the information to local competitors to further China’s economic goals to the detriment of other countries.
All equipment and services remotely linked to Chinese companies should be considered a cyber-security and business risk, the agency said.
The DHS argues that Chinese national security laws allow the government to coerce any local company and citizen to alter products and engage in espionage or intellectual property theft.
The DHS described this practice as “PRC [People’s Republic of China] government-sponsored data theft.”
“For too long, US networks and data have been exposed to cyber threats based in China which are using that data to give Chinese firms an unfair competitive advantage in the global marketplace,” said Acting Secretary of Homeland Security Chad F. Wolf.
“Practices that give the PRC government unauthorized access to sensitive data – both personal and proprietary – puts the US economy and businesses at direct risk for exploitation. We urge businesses to exercise caution before entering into any agreement with a PRC-linked firm.”
In a separate speech on Monday, Wolf also described China as “a clear and present danger” to US democracy.
The DHS published its advisory less than a month before a change in administration, with President Biden expected to name his own DHS chief next month.
Under the Trump administration, US officials have focused on cracking down on Chinese theft from US companies.
In a July 2020 interview with Fox News, FBI Director Christopher Wray said that half of the FBI’s almost 5,000 counter-intelligence cases were related to Chinese theft of US technology.
Through its new advisory, the DHS warns US businesses that Chinese theft can sometimes occur not only through business partnerships and insider threats but also through backdoored equipment and digital services.
“Any person or entity that chooses to procure data services and equipment from PRC-linked firms, or store data on software or equipment developed by such firms, should be aware of the economic, reputational, and, in certain instances, legal, risks associated with doing business with these firms,” the DHS said in a press release today.