[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-disclosure] Security risks of doing business with China?
- To: bk <chort0@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Security risks of doing business with China?
- From: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- Date: Thu, 1 Nov 2012 17:49:08 -0700
Really? I get nothing for that one??? That shit was FUNNY!!! :)
On Nov 1, 2012, at 10:41 AM, bk <chort0@xxxxxxxxx> wrote:
>
> On Nov 1, 2012, at 1:43 AM, Dan Ballance wrote:
>
>> Hi guys,
>>
>> I greatly respect the collective knowledge about security matters on this
>> list. What do you make of this BBC report? Here in the UK we are seeming
>> happy to do business with China, but other countries are blocking over
>> alleged security concerns. Do you think these concerns are legitimate or is
>> this purely political protectionism?
>>
>> http://www.bbc.co.uk/news/business-20163907
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>
>
> There are two main ways businesses are at risk when dealing with China:
>
> a) Trying to business _in_ China, the authorities won't let you setup shop
> directly, but instead force you into a "joint venture" with an established
> (and state-supported) Chinese company. In order to make and sell your
> products, you have to transfer a lot of intellectual property to the joint
> venture. Guess what happens to that intellectual property? Pretty soon there
> are multiple Chinese companies making exactly the same thing you make, but
> selling for a lot cheaper, and maybe not only in their domestic market.
>
> b) Deploying Chinese-built infrastructure components in critical areas of
> your country. There's a lot of hype about backdoors, but IMO the biggest
> practical risk is the technical experts they send to do the support. Do
> people do background checks on the support experts they send in who will have
> privileged access and debugging capabilities? I doubt it. Maybe they don't
> even steal any information directly, but simply file reports on how the
> infrastructure is designed and connected. That information alone has
> strategic value.
>
> Related to the original article, simply selling a stake as an investment
> doesn't appear to be all that risky. It's a question of what access is
> granted as a part of that investment. Do they get access to board members, to
> sensitive financial data? If there's no access to non-public data or trade
> secrets, then there wouldn't appear to be much risk.
>
> Are politicians exploiting China-bashing for votes? Absolutely. Just like any
> major issue, people are trying to hitch their wagon to it in improbable ways.
> That doesn't mean there isn't any truth to it.
>
> If you're a business going into China, know that their goal will be to
> replace you with domestic companies within several years. Don't get bullied
> into stretching past your risk tolerance. They're really good at making it
> seem like you have a huge opportunity, if only you give in just a little bit
> more...
>
> --
> chort
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/