The ongoing trade war between China and the U.S. shows no sign of ending in the near future. Although steel tariffs acted as the catalyst for this protectionist policy, cybersecurity soon got caught up in the political mix and Huawei has been the highest profile target, or victim, depending upon how you see things. It was inevitable that China would fight back and from the cybersecurity perspective that’s certainly been the case.
First there have been the drafting of cybersecurity regulations that could see U.S. technology imports blocked on national security grounds. Now comes the news, first broken online by the Epoch Times this week, that China is preparing to replace the Windows operating system with an alternative that is being developed within China in order to “prevent the United States from hacking into China’s military network.”
Quoting a report from a Canadian military print publication called Kanwa Asian Defence, the Epoch Times revealed how the Internet Security Information Leadership Group (ISILG) in China has been created in order to replace Windows, and the UNIX system, used by the Chinese military.
The ISILG is part of the People’s Liberation Army (PLA) and falls directly under the control of the Central Committee of the Chinese Communist Party (CCP). This would make a lot of sense given that the United States Cyber Command was similarly formed to provide a separation between network security and national security groups.
I can certainly see how the technology environment has turned toxic at a national security level for countries on both sides of the East-West divide. While the West has become increasingly hostile towards Huawei, Chinese attention has been focused on networking technology made in the West. The Kanwa report talks of the ISILG believing that German-developed programmable logic controllers used in much of the Chinese industrial sector posing risks to national security.
Starting with the Edward Snowden NSA document leaks back in 2013 and bolstered by the Shadow Brokers group releasing NSA-developed malware more recently, China fears that U.S. intelligence agencies have the necessary tools to easily hack into operating systems such as Windows, and UNIX or Linux for that matter, and spy on Chinese military secrets.
The irony of a nation state oft-associated with cyber-attacks on Western targets, both in the business and government spheres, blaming the U.S. hacking capability for the need to develop a custom OS is not lost on me.
This isn’t the first time that China has looked to replace Windows with a home-grown OS of course, but the Linux-based “Red Flag” variant has been something of a dead duck for a while now. This latest report suggests that any Linux variation would not meet the standards of the secure by design brief from the ISILG.
By adopting a security through obscurity approach China obviously hopes to build a more secure OS that will offer stouter defense against Western attacks. At least in the short term. There are, however, a couple of big problems with this approach according to Ian Thornton-Trump, head of security at AmTrust International. “The reality of a secure OS is that you need a pipeline of developers to develop and support it,” he explains, “given the economy in China a briefcase full of dollars is highly likely to yield you an advanced copy of the OS for opposing nation states to dissect and reverse engineer.”
That said, Thornton-Trump can understand that with the seemingly never-ending number of zero day vulnerabilities within Windows comes a feeling that the NSA and other classified agency exploit coffers are likely well stocked. “Clearly China has the tech development capability,” he says, “so pointing resources at a secure by default and non-consumer OS makes sense.” He does still see it as being a tit-for-tat response to the Huawei blacklisting by the U.S. though. “When the world’s fastest growing consumer nation makes this sort of announcement you know it’s targeted,” Thornton-Trump concludes, “patriotism seems more in favor than pragmatism…”