China bans chip maker Micron from its key information infrastructure

The Chinese government announced the ban on the products made by the US memory chip giant Micron Technology over national security concerns.

The Cyberspace Administration of China announced the ban on products made by US memory chip giant Micron Technology over security concerns. The ban is related to the use of company products in key infrastructure projects.

The decision is the last act of the dispute between China and the U.S., both countries recognize the importance of technological sovereignty for the development and growth of their economies and are aware of the potential risks of using technological solutions provided by hostile governments.

The country’s cyberspace regulator announced that the decision results from the failure of a network security assessment conducted by the Network Security Review Office on Micron’s products sold in China.

“A few days ago, the Network Security Review Office conducted a network security review of Micron’s products sold in China in accordance with the law.” reads the official announcement.

“The review found that Micron’s products have relatively serious potential network security issues, which pose a major security risk to my country’s key information infrastructure supply chain and affect my country’s national security. For this reason, the Network Security Review Office has made a conclusion that the network security review should not be passed. According to the “Network Security Law” and other laws and regulations, operators of critical information infrastructure in China should stop purchasing Micron products.”

According to the announcement, the assessment revealed the presence of severe security issues in the products made by Micron that pose severe risks to the national key information infrastructure.

The announcement pointed out that the government of Beijing is promoting collaboration with foreign manufacturers, but their products must be compliant with Chinese laws and regulations.

“The purpose of this network security review of Micron’s products is to prevent product network security issues from endangering the security of the country’s key information infrastructure, which is a necessary measure to maintain national security. China firmly promotes high-level opening up to the outside world. As long as it abides by Chinese laws and regulations, companies from all countries and various platforms are welcome to enter the Chinese market.”

The ban is the first major action against a US chip maker, on the other end, the US Government has already adopted similar actions against Chinese giants.

Micron has been already notified by the Chinese authorities about the government’s decision.

“We are evaluating the conclusion and assessing our next steps. We look forward to continuing to engage in discussions with Chinese authorities,” a spokesperson told the BBC.

“We firmly oppose restrictions that have no basis in fact,” a US Commerce Department spokesperson said.

“This action, along with recent raids and targeting of other American firms, is inconsistent with [China’s] assertions that it is opening its markets and committed to a transparent regulatory framework.”

On Sunday, US President Joe Biden remarked to G7 nations about the importance to achieve technological independence from China.

“That means taking steps to diversify our supply chains,” Biden said.

In April, the German government warned that technology to regulate power consumption in Huawei network appliances could be used for sabotage purposes. 

Some Western governments are evaluating the “rip and replace” of risky components provided by Chinese suppliers.

In September 2020, the British government announced the ban on the installation of new Huawei equipment in the 5G networks of Wireless carriers after September 2021. In January 2020,

In January, the EU’s executive Commission presented a set of rules and technical measures aimed at reducing cybersecurity risks from the adoption of 5G. The Commission’s recommendations included blocking high-risk equipment suppliers from “critical and sensitive” components of 5G infrastructures, such as the core.

The EU’s executive Commission did not explicitly mention companies, but a clear reference is to the Chinese firm Huawei.

In November 2019, the U.S. Federal Communications Commission has cut off government funding for equipment from the Chinese companies Huawei and ZTE due to security concerns. The Federal Communications Commission also requested the government to assign subsidies to the American companies that will replace any equipment from the Chinese firms that they already have in place.

The FCC fears that the Chinese firms could conduct cyber espionage for their government due to their “substantial ties to the Chinese government,”

In July 2020, the FCC blocked Chinese companies from receiving subsidies from a government fund, its decision is part of its efforts to protect the national communications networks from security risks posed by the use of Chinese equipment.

The FCC’s move definitively banned U.S. organizations from using the government Universal Service Fund for acquiring equipment or services provided by Chinese firms.

In September 2020, a report published by the US Federal Communications Commission (FCC) revealed that performing a full replacement of all Huawei and ZTE equipment on American wireless networks will cost $1.837bn in total.

The FCC has also published a list of 51 carriers that will need to replace their Huawei and ZTE equipment benefiting from the US funds.

The U.S. has already pushed its allies for banning Huawei, ZTE and other Chinese companies.

The Chinese giant Huawei was already excluded by several countries from building their 5G internet networks. The United States, Australia, New Zealand, Romania, and Japan announced the exclusion of Huawei technology from their 5G internet networks.

In April 2018, the UK GCHQ intelligence agency warned UK telcos firms of the risks of using ZTE equipment and services for their infrastructure.

In December 2018, a Czech cyber-security agency warned against using Huawei and ZTE technologies because they pose a threat to state security.

We are in the final

Please vote for Security Affairs (https://securityaffairs.com/) as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections where is reported Securityaffairs or my name Pierluigi Paganini

Please nominate Security Affairs as your favorite blog.

Nominate Pierluigi Paganini and Security Affairs here here: https://docs.google.com/forms/d/e/1FAIpQLSepvnj8b7QzMdLh7vWEDQDqohjBUsHyn3x3xRdYGCetwVy2DA/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Micron)