PBoC Official Advocates for Resuming "Secure & Controllable" Requirements in Financial Sector
On January 7, the Director General of the People's Bank of China (PBoC) Science and Technology Department, Wang Yonghong, published an article detailing aggressive strategies for improving China's "secure & controllable" capabilities in the financial sector. The article outlines application of "secure and controllable" information technology to promote industrial policy goals of informatization and economic development, and to enable robust control over technology risks, outsourcing risks and supply chain risks.
In the article, Wang makes an explicit connection between "secure & controllable" and local ICT products, and proposes supporting long-term development of local industry by according higher tolerance in the near term of lower quality and security defects.
Alleging U.S. technology products are riddled with "backdoors" due to CALEA requirements, Wang asserts that China's reliance on U.S. products poses huge risks. He calls for a long-term program for reduction of foreign products in the banking sector. Recommended compatible products ready for replacement include:
- network equipment
- security products including firewall, antivirus software, mail gateway, etc.
- peripheral devices including terminal devices, encryption devices, financial IC card;
- PC server, low-end storage devices, minicomputers;
- software products;
- maintenance services, reducing price through bringing in competitors.
Wang also suggests adoption of "secure & controllable" product procurement catalogs and application (product and investment) ratios, "secure & controllable" encryption algorithms, a national security testing and certification system (MLPS), and other regimes similar to those that appeared in the currently suspended CBRC "Secure and Controllable Guidelines."