General discussion


Security...tossing cell phones after leaving China...?

By C F USA ·
I read an article online today and was wondering the thoughts of the TR community pertaining to security steps taken when visiting outside your home country

Original Story (link at bottom)
Safety first for IT executives in China
by Sholto Macpherson

US Government recommends weighing laptop before and after each visit.

Senior executives in US IT companies have been advised by the US Government to follow extremely strict policies for visits to China which extend far beyond standard software protection.

The policies encourage them to leave their standard IT equipment at home and to buy separate gear only for use in China.

Mark Bregman, chief technology officer at security firm Symantec said he left his MacBook Pro behind in the US and took his MacBook Air whenever he flew to China. Bregman said he only ever used the Air in China and re-imaged the machine every time he returned home.

However, he said he was "pretty relaxed" when it came to following the security policies. "I don't let my IT department near my laptop," he said.

"I was advised by people in three-letter agencies in the US Government to weigh the machine before I left and when I got back," Bregman said.

"They also don't want me to take my phone. They said to buy a mobile phone in the US and throw it away when you come back."

Bregman said the US was also concerned about its companies employing Chinese coders, particularly in security.

He said the "software supply concern" was due to fears that Chinese developers would insert malicious code into software sold to American companies or the US government.

"If you're a big company doing development in China the US government asks, ?Why should we trust you? We won't buy from you.'"

However, he said every software company used developers in China including Microsoft, Oracle and others.

And Bregman asked why the US should fear Chinese developers but not US developers, when terrorist attacks were carried out in the US by American citizens.

Instead of worrying about the software products produced in China, the US Government should look at the tools and processes software vendors use to test their code, he said.

Symantec, as a security vendor which analyses code for malware, should be considered very reliable, said Bregman.

Bregman said the US had never asked Symantec to gather evidence using its own products.

"I'm not paid by the US Government. Why would I do it?

"I want all governments and customers to be assured that the software I'm selling them does what I say it does and nothing more."

Here is the link to the original story...,safety-first-for-it-executives-in-china.aspx

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Not at all surprising

by NotSoChiGuy In reply to Security...tossing cell p ...

It's old, granted, but there is a blurb in there about the US Defense Department using counterfeit networking equipment, and also other ways in which our friends from the favored nation of China have made themselves at home on government systems. There have been other examples since.

I heard a rumor that the feds were sitting on a major story. Basically, that they had determined that just about all Chinese-made chips had malware on them that could compromise systems and data when connected to the Internet.

Like I said, just a I'd take it with a grain (tablespoon, actually) of salt. However, given all that has happened, and the story you posted, it wouldn't be a tremendous shock to me if it were determined to be true.

Related Discussions

Related Forums