Foreign firms operating in China step up measures against cyberspying

PUBLISHED : Sunday, 25 May, 2014, 5:23am
UPDATED : Sunday, 25 May, 2014, 6:35am

Google sends an e-mail to some employees travelling to China warning that it's a "restricted country" and online access to some internal systems will be limited, according to a person familiar with company policy.

Kyocera makes photovoltaic cells in Japan only, and it's reviewing cybersecurity measures at its solar-panel assembly plant in Tianjin . Infineon Technologies, Europe's secondbiggest chipmaker, fends off thousands of attacks from China every day, although most are amateurish, said a person familiar with the situation.

US accusations of corporate spying by a Shanghai-based military unit have raised the stakes on the daily, behind-the-scenes struggle multinational companies face to protect intellectual property and confidential business plans in China.

Chinese military hackers stole designs for key reactor components from Westinghouse, the Justice Department said last week.

When cybersecurity [is] mentioned, fear is ratcheted up a notch
The E.U. Chamber's Jorg Wuttk

China, which has denied any hacking, may retaliate against American companies for their government's accusations.

"Whenever words like cybersecurity or cyberespionage are mentioned, fear is ratcheted up a notch," said Jorg Wuttke, president of the European Union Chamber of Commerce in China. "One positive of this case is that it will serve as a valuable reminder that companies and institutions must beef up their IT security to ensure against such threats."

Companies pursuing opportunities in China must increasingly count cybersecurity among the rising costs of a presence in the world's most-populous nation. Businesses have been forced to counter ever more sophisticated methods of attack, taking measures such as restricting what data employees can access there or barring the use of software seen as vulnerable.

Robin Moroney, a Singapore-based spokesman for Google, declined to comment on the company's information security measures. Google said in 2010 it wouldn't censor content for mainland Chinese services, shut down its local search page and redirected users to a site in Hong Kong.

Some companies, such as Kyocera, secure data by producing sensitive components close to home.

Kyocera has also been using systems to detect unauthorised attempts to access its network and banned the use of the Windows XP computer operating system, for which Microsoft no longer provides support.

One of the suspected People's Liberation Army hackers, who the Justice Department identified as operating under the alias UglyGorilla, has been linked to malware used in a 2009 hacking attack on Coca-Cola. The company was told by the FBI in March 2009 that hackers had broken into the beverage maker's computer systems and pilfered files related to its aborted plan to buy China Huiyuan Juice Group for US$2.4 billion, according to three people familiar with the situation and an internal company document.

The internal report said the intruders were state-sponsored.

The Chinese government denied that its military had ever engaged in any form of cyberespionage.

Last week the State Internet Information Office announced that it would begin vetting major technology products and services if they're used for national security and other public interest purposes, Xinhua reported.

Willy Wo-lap Lam, an adjunct professor at the Centre of China Studies at Chinese University of Hong Kong, said: "The Chinese probably won't retaliate on a large scale. They may just pick on one or two companies - kill the chicken to scare the monkey."