After Congress' report, what next for China's tech firms?

House intelligence report on China tech is sure to impact relations, analysts say

WASHINGTON -- There's a new television show, "Revolution," which looks at what happens to society after every piece of complex technology, including power generation, stops working. The reasons for this outage aren't explained.

Maybe it's China's fault. After years of allegedly building backdoors into equipment, something implanted by China went awry and accidentally turned off everything everywhere.

The prelude for this plotline was written by the U.S. House intelligence committee in its report Monday about Chinese telecommunications vendors Huawei Technologies and ZTE. The committee is telling private sector firms -- in a big headline on its website -- to "use another vendor" as it warns of "long-term security risks."

At the minimum, analysts believe the House intelligence report will bring more scrutiny to joint efforts and agreements by U.S. and China technology companies, but trade problems can't be ruled out either.

What is certain is that China is embedded in U.S. technology supply chains as it works to build its own competitive capacity. Huawei illustrates this, with more than $32 billion in revenue last year, with about 70% of its revenue coming from outside China, it said in testimony delivered last month to the House intelligence committee.

Lenovo, which bought IBM's PC division in 2005, may have just surpassed Hewlett-Packard as the world's top PC maker, Gartner says.

There are many firms in China that provide code development through its offshore outsourcing services, assemble and manufacturer everything from components to complete systems, including printers, PCs and servers for multinational firms.

U.S. firms, including Huawei rival Cisco, all have major R&D facilities in China.

To avoid serious problems, Gartner analyst Neil McDonald said tech firms will have to do more to ensure trust. Companies will have to offer more transparency about their operations, management, and source code and allow a full evaluation. Without it, "the lack of trust continues to grow and it continues to fragment," he said.

The House committee accused Huawei of not fully cooperating with its probe, particularly its relationship with the Chinese government, something the company disputes.

The trust issue isn't new and is something McDonald examined in a recent report on supply chains. Supply chains are easy targets and increasingly complex. "Hardware vendors are increasingly outsourcing not just manufacturing, but also design to OEM suppliers and contractors located in Asia and India. In some cases, established Asian suppliers are outsourcing to emerging economies, such as Brazil, Vietnam and Indonesia," the report said.

While this House intelligence report is ostensibly about two telecommunication firms, it includes broad assertions about the increasing sophistication and intensity of China's intelligence gathering efforts. It describes an "ongoing onslaught" of network intrusions originating in China.

Mario Mancuso, a former Under Secretary of Commerce for Industry who was a senior decision-maker on the committee that oversaw export controls of critical technologies, said: "This [House intelligence] report makes plain a simple fact -- that U.S.-China technology transactions and relationships are subject to U.S. government scrutiny generally."

"I think there is a very significant impact beyond Huawei and its prospective U.S. customers," said Mancuso, a partner at the law firm Fried Frank. For Chinese companies looking to invest in the United States, seeking to acquire U.S. assets, patents, and other tech firms, "the issues of U.S.-China technology transfer are squarely on the table. I think they are on the table in a more acute way today than they have ever been."

Darren Hayes, the Computer Information Systems Program chair at Pace University, said the House report adds a new dimension to economic espionage, and could lead to new laws that impact Chinese investment in the U.S.

Hayes said there are already some federal agencies that won't purchase some overseas telecom products because there are areas of memory that they can't access and read the code.

What happens next between the U.S. and China over this report is hard to say, but Rob Enderle, the principal analyst at the Enderle Group, said "you shouldn't assume that this problem will spread" to other companies in China.

Lenovo, for instance, "is far more expert at dealing with U.S. agencies and much of their executive team is located here not there," he said.

Lenovo is increasing its presence in the U.S., and this month announced plans to open a manufacturing plant in North Carolina. It already has operations in that state that employ about 2,000. "The announcement defies a trend that has seen electronics manufacturing jobs migrate overseas for more than two decades," said North Carolina officials in a statement.

Patrick Thibodeau covers cloud computing and enterprise applications, outsourcing, government IT policies, data centers and IT workforce issues for Computerworld. Follow Patrick on Twitter at @DCgov or subscribe to Patrick's RSS feed. His e-mail address is

See more by Patrick Thibodeau on

Read more about security in Computerworld's Security Topic Center.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Patrick Thibodeau

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts