Diverging Collaboration of Chinese and US Information Security Firms

8 04 2012

by Brad Clawson

On March 7, 2012 Northrop Grumman issued a report entitled Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage. Commissioned by the U.S.-Economic and Security Review Commission, the report offers an insight into the Chinese information security capabilities. The report covers a broad swath of topics ranging from military operations, initiatives in information warfare, analysis of criminal vs. state sponsored activities, and risks posed to the US telecommunications supply chain as a result of dependence on Chinese made hardware. One additional compelling topic covered by the report is the collaboration between US and Chinese Information Security Firms.

The interrelationships between global multi-national corporations add additional complexity to an already challenging problem of protecting American IT Infrastructure. Fortunately, according to the Northrop Grumman Report, collaboration between US and Chinese firms has not been common to date.1 A joint venture in 2007 between the Huawei Shenzhen Technology Company and Symantec is the only formal partnership formed between a US and a Chinese information security company. Recently, it has been announced that this joint venture will be dissolved as Symantec intends sell its stake to Huawei for $530 million effectively eliminating any ties Symantec has to the Chinese company. 2
According to a New York Times article, Symantec chose to dismantle the relationship over concerns that ties to a Chinese organization would prevent it from gaining access to US Government classified information relating to cyber security threats. 3 This decision reflects the emerging policy of the US Government to disseminate classified threat data to public organizations. This policy is having an immediate and potentially long lasting impact on the future of joint Chinese and US ventures. The logic on the part of Symantec represents the collective interests of US based corporations who need to sustain their current domestic customer base and participate in these public/private forums.

As the US Government continues to trend toward greater collaboration with US information Security companies it is safe to assume that this will also occur China. Chinese governmental and corporate organizations are already tied closely together as the Chinese government has significant influence over their domestic industries. Thus, the Symantec decision is an indication that further divergence between information security firms in both countries will continue. This most likely will focus initially on software and services industries, however it is likely that the hardware supply chain will also come under further scrutiny and may lead to more policies restricted the collaboration between US and Chinese firms.
The overall impact of this divergence remains to be seen, but clearly these recent events represent the future challenges facing public and private enterprises in an era of heightened information security risks. As greater regulation and oversight occurs, private industry has to fundamentally adapt their business models to comply. This type of activity is not unique to the information security domain. However, since this domain is relatively new it will take years for government regulation and business adaption to reach maturity. Eventually a relative balance between security risks and business interests will be achieved and the entire global information security industry will move forward.


1 Bryan Krekel et al., “Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage”, March 7, 2012, 104.
2 Nicole Perlroth, “Symantec Dissolves a Chinese Alliance”, New York Times, March 26, 2012, http://www.nytimes.com/2012/03/27/technology/symantec-dissolves-alliance-with-huawei-of-china.html (accessed March 30, 2012).
3 Perlroth.




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: