Cyber security. Photo: IC
China on Sunday made public the results of its cybersecurity review of US semiconductor maker Micron Technology, saying that the company didn't pass the review because it has severe cybersecurity problems that could pose significant security risks to China's critical information infrastructure supply chain.
Experts said that the decision by Chinese government and ensuing ban on Micron's products in China should impact the chipmaker's business, which counted hundreds of millions of dollars of sales on the Chinese market.
However, the experts noted that the ban on Micron products is an individual case, which shouldn't be linked with China targeting any country, and China will continue to open up its market to global businesses.
The review, which was conducted by China's Cybersecurity Review Office (CRO) on Micron's products sold in China, found that Micron's products negatively affect China's national security. As a result, the authorities demanded that China's domestic critical information infrastructure operators stop purchasing Micron products in accordance with the country's Cybersecurity Law or and other regulations, according to a statement published on the website of the Cyberspace Administration of China.
US-based semiconductor firm Micron Photo: VCG
According to the statement, the review of Micron was aimed at preventing the products' cybersecurity problems from endangering the security of national information infrastructure. It is a "necessary measure" to safeguard national security, the statement said.
The statement also stressed that China firmly promotes high-level opening-up.
"Companies and platforms are welcome to introduce products and services into Chinese market as long as they conform to the requirements of Chinese laws and regulations," the statement said.
Micron, based in the US state of Idaho, is one of the world's largest providers of memory chips such as dynamic random access memory and other modules. The company earns more than 10 percent of its annual revenue from China, according to media reports.
China carried out the review at the end of March to ensure supply chain security for key information infrastructure and to ward off cybersecurity risks, China's cyberspace authorities said then.
Mao Ning, a spokesperson of China's Foreign Ministry, noted during a press conference in April that conducting cybersecurity reviews of network products that affect or may affect national security in accordance with the law is a "normal" regulatory measure.
Zuo Xiaodong, vice president of the China Information Security Research Institute, told the Global Times on Sunday that the Micron case would be the "first public announcement of a supplier failing to pass official review" since the mechanism was introduced.
The ban announced on Sunday will lead customers in dozens of key industries from energy to finance to stop purchasing Micron products and services, Zuo said.
"Furthermore, customers not affected by the ban may be affected in terms of their confidence in Micron's products and services in collateral damage to the firm's business," Zuo noted.
Wang Peng, a research fellow at the Beijing Academy of Social Sciences, said that the case should be looked at "objectively."
"From the perspective of public safety and cybersecurity, we conducted inspections and found that the products of Micron had certain hidden dangers and did not conform to national regulations. Therefore, it is normal to impose relevant restrictions on Micron's products," he told the Global Times on Sunday.
According to him, review of critical infrastructure-related cybersecurity in China has been very strict, as information and network security is of growing importance.
"Our country has always been committed to opening-up. We have laws and regulations relating to key infrastructure and digital infrastructure. Products that are in line with Chinese law can be sold in the Chinese market, and there is no problem for international companies to invest and operate in China," he said.
Zuo also called Micron's ban an "individual case", saying that China's review of cybersecurity risks should in no case be misinterpreted as targeting foreign firms.