China edges ahead in the race to build hack-proof cyber security systems

BEIJING // The international power struggle for the control of data has intensified with a number of Chinese companies now trying to challenge entrenched cloud vendors such as Microsoft, Google and Amazon.

The growing market, targeted by Chinese players such as Huawei, Alibaba and Baidu, has raised serious questions about security of data storage and whether tech firms in China or elsewhere are vulnerable to attack.

China last week took a major step towards resolving the cyber security challenge by launching the world’s first “hack-proof” quantum satellite.

“The satellite’s two-year mission will be to develop ‘hack-proof’ quantum communications, allowing users to send messages securely,” Xinhua news agency reported.

The Quantum Experiments at Space Scale, or Quess, satellite programme is part of the Chinese leader Xi Jinping’s space programme.

“There’s been a race to produce a quantum satellite, and it is very likely that China is going to win that race,” Nicolas Gisin, a professor and quantum physicist at the University of Geneva, told The Wall Street Journal. “It shows again China’s ability to commit to large and ambitious projects and to realise them.”

The satellite is designed to secure messages between Beijing and Urumqi, the capital of Xinjiang, a sprawling region of deserts and snow-capped mountains in China’s extreme west.

The technology is extremely complex and based on the scientific principle of quantum entanglement.

According to this theory, two particles become “entangled” when they interact. However, any subsequent interaction with one impacts, instantaneously and regardless of distances between them, on both particles. “It is hence impossible to wiretap, intercept or crack the information transmitted through it,” Xinhua reported after Tuesday’s launch.

But there are concerns about who has the keys to such technological developments and whether sensitive – or mission critical – data could be at risk in the absence of international rules and controls.

“There is a global focus on who controls data. But there is no transparency in this business,” Sheila Jasanoff, director, programme on science, technology and society at Harvard Kennedy School tells The National.

“A new kind of frontier has been opened up, and it does not have any rules,” she says.

There has been a proliferation of companies in the cloud computing sector, where sensitive or critical data is stored outside an organisation’s physical boundary, and very little commitment to data security, she adds.

The world market for cloud solutions is expanding rapidly. Global spending on cloud services is expected to see a compound annual growth rate (CAGR) of 19.4 per cent between 2015 and 2019, according to the statistics analyst, Statista. Amazon Web Services (AWS), the cloud arm of Amazon, generated revenues of US$7.88 billion in 2015, it says.

But the biggest hurdle for the sector is cyber security in the absence of any international treaty to enshrine it.

Cloud companies offer an extensive array of often expensive software solutions “to rent” to clients unable or unwilling to make the extremely heavy investment in money and expertise required to build such systems. As the sector expands, the leasing companies are increasingly focusing on safety in a bid to convince customers to move to cloud.

“Data security is an issue everywhere and, as [customers] move from internal IT networks largely based on computers and software located inside their own facilities to a cloud model in which the firm’s employees can use cheap mobile devices to access their IT network anywhere in the world at any time, the threats to data security grow,” says Lee Branstetter, an associate professor of economics at the Heinz School of Policy and Management of the Carnegie Mellon University.

“But the shift to cloud computing will only succeed if firms believe their essential data to be reasonably secure.

“For this reason, major players are making very large investments in technology that can ensure reasonably secure access to IT networks,” he says.

At present, customers of cloud services have to contend with security safeguards which are “extremely opaque”, Ms Jasanoff says. “Cloud computing is still an unruly territory. People [in the business] are making rules as they go along or taking advantage of the lack of rules.”

Ms Jasanoff adds that should a mission critical system such as a public health or transport network be hacked by terrorists, for example, the results could be catastrophic.

“I would think a big tragedy might happen in a large airport or other facility like a hospital system and it would result in loss of life,” she says.

Meanwhile, Chinese cloud vendors are not just tapping domestic business but also trying to extend their reach globally by establishing cloud infrastructure such as data centres in different countries. A Chinese company called Beijing Sinnet Technology recently tied up with Amazon to provide cloud services in China, while several others are looking for similar deals.

Beijing hopes that the launch of the quantum satellite will give China a first-mover advantage and make it possible for Chinese cloud vendors to assure their customers about data security, at least from the technology point of view.

“It is a noble and difficult endeavour and I applaud the Chinese Academy of Sciences for its vision,” says Spyridon Michalakis, a quantum scientist from the California Institute of Technology. The launch also has the potential to “transform the face of cloud-based computing and even science as we know it”, he adds.

But technological advances alone are not enough. The long history of intellectual property rights violations in China makes it more difficult for Chinese cloud vendors to convince international customers about the ability to keep data secure from predators – or from the eyes of the state.

“Many multinationals have serious concerns about the protection of their intellectual property in China on and off line, and there have been a number of recent cases of international firms coming to believe that valuable information has been stolen from them through cyber means,” Mr Branstetter says.

“All of this would give non-Chinese multinationals pause before entrusting their critical data to Chinese cloud computing service providers.”

One domestic advantage that Chinese companies have is that state regulations mean foreign companies cannot operate on an equal footing with them. Foreign cloud vendors can operate in China only if they have local partners – and use servers located in the country.

That has left the field more or less clear for homegrown cloud vendors, who are able to tap major business opportunities without facing severe competition from international players.

And it may be that few Chinese companies are too concerned about the challenge of luring overseas clients anyway considering in excess of 20 per cent of the Fortune 500 companies are of Chinese origin.

Follow The National’s Business section on Twitter


Share This Post