Skip to main content

US-China cyber security disagreements could cause trade war, expert warns

Cyber saber rattling by US lawmakers over the potential security threat posed by Chinese tech firms Huawei and ZTE could lead to more cyber attacks against the US and might even kick off a trade war with China, according to a computer security and forensics expert.

But, if anything, government officials should be tackling such threats even more aggressively and expanding the scope of their scrutiny of tech companies with close ties to the Chinese government, said Darren Hayes, a professor at Pace University's Seidenberg School of Computer Science and Information Systems in New York.

"I think that the problem goes way beyond these two manufacturers. I think that it probably has implications for consumers as well, because they are another avenue where [Chinese technology companies] can gain information, individual users being one of the biggest areas of data leakage for corporations and other organizations today," Hayes said on Thursday.

Earlier this week, the House Intelligence Committee released a report that specifically called for US companies to avoid using telecommunications components from Huawei and ZTE due to security concerns.

Some of the findings of the 11-month investigation were released early on Sunday to 60 Minutes (video above). The probe focused on the close relationship between the two firms and the Chinese government, a relationship the committee felt could facilitate state-controlled backdoors inside the US telecommunications system. Such concerns were raised back in 2010, when Sprint Nextel was quietly steered away from a deal to buy telecommunications equipment from Huawei by government officials concerned about national security.

Lawmakers have also raised concerns about the two companies' dealings with Iran in contravention of the US sanction regime against that country. Networking giant Cisco this week said it was cutting ties with ZTE after an internal probe found that the Chinese maker of telecommunications equipment and consumer electronics devices had allegedly sold Cisco products to Iran without the American company's knowledge.

Hayes said the escalation of tension between the US and the two China-based companies would "be viewed as an affront to the Chinese Communist Party" and an accusation that the Chinese government is doing "something sinister."

"This report could lead to a trade war and may prompt more cyber-attacks against the US," he wrote on The Hill's Congress Blog. "This method of retribution has often been used against the US and other nations when accusations of improprieties have been made against China or asylum has been granted to a Chinese political dissident. The [US] government has obviously decided to take that risk."

Hayes said tech companies in other countries besides China were engaged in various types of economic espionage, including firms based in the United States. But he argued that there's one big difference between the sort of spying and intellectual property theft allegedly conducted by some Chinese companies and that sort of activity by firms in other countries.

"The difference is that these are Chinese government employees," he said.

The chair of Pace University's Computer Information Systems program also noted that spying technology built into Chinese-made products could be essentially undetectable, for example, in the case of memory chips used in a variety of gadgets and computing devices.

"It is critical to understand that these two Chinese handset manufacturers are not the only companies that should remain under suspicion. There are many memory chips, currently being manufactured by Chinese companies, which are inaccessible. This means that these chips may contain code that we will never be able to access, function normally but could be used to steal information and intellectual property," he said.

Hayes called on US lawmakers to add more teeth to existing federal cyber security and economic espionage laws, which he characterised as ineffective in their current form.