Expert warns of hazards in China

Bookmark and Share

A Norwegian expert on digital security is worried about all the Norwegian business owners and executives now heading for China after diplomatic relations have resumed. Jack Fischer Eriksen warns about the risk of espionage and hacking, if security is overlooked in Norwegians’ zeal to strike new business deals.

Norwegian government and business delegations have been streaming to China since Prime Minister Erna Solberg met Chinese President Xi Jinping in Beijing last month, ending a six-year diplomatic freeze. Now a Norwegian expert is warning all those traveling to China to take security precautions. PHOTO: Nærings- og fiskeridepartementet

Norway’s largest business delegation ever was in Beijing this week, led by Fisheries Minister Per Sandberg with the aim of selling lots more salmon, cod, king crab and other seafood. While ministers like Sandberg get data guidance and security assistance from Norway’s police intelligence service PST, Eriksen told newspaper Dagens Næringsliv (DN), private business don’t, and therefore must take their own precautions.

Eriksen is the director of Næringslivets sikkerhetsråd, a Norwegian business security council that’s set up as a cooperation among employers’ organizations including NHO, Virke, Spekter, FNO, Bedriftsforbundet and the Norwegian Shipowners’ Association. “We have reason to believe that most (of those traveling to China) haven’t taken any special security precautions,” Eriksen told DN.

In their zeal to strike new business deals in China, many Norwegian business owners and executives may be overlooking the need for digital security. “I fear that valuable amounts of information can go astray because people are aware they can be subjected to intelligence-gathering operations via their information technology platforms,” Eriksen said.

He said that most large companies like Telenor, Statoil and others that traveled to China last month with Prime Minister Erna Solberg probably take precautions, noting that many high-level international business travelers leave all their personal and company data equipment at home and only carry a new Ipad with them into China or Russia that they never use again. Others copy  their passwords onto a memory stick to avoid having to type them in while in China.

“I would seriously evaluate what equipment you bring with you, including telephones that actually are now computers, if you use them at work,” he said. “Several major companies have a policy of not bringing your own equipment that would be hooked up to the company network again upon return. Lots of things can get into the equipment when you’re out traveling and using wireless networks without you being aware of it, you can be overheard or under surveillance.”

Smaller companies, Eriksen said, may not be aware of the risks or have organizations savvy enough to define and address them. Several companies questioned by DN confirmed that they hadn’t thought to take any special precautions while in China. Others were prepared, for example, that censorship by Chinese authorities means they can’t gain access to various services or that Facebook, Dropbox or Google don’t function without a VPN (Virtual Private Network) tunnel. Facebook and Twitter are banned in China.

Chinese officials at the embassy in Oslo reacted sharply to Eriksen’s concerns, claiming that China itself has been a major victim of cyber attacks. Any allegations of espionage against Norwegian businesses, they told DN, were “completely groundless and irresponsible.”

Eriksen pointed to formal warnings issued by both PST and the Norwegian military, that both China and Russia currently pose major threats to data security in Norway. “With that as a backdrop, data security when traveling is important.”

newsinenglish.no/Nina Berglund

  • richard albert

    Not only electronics need to be sanitized, but personal effects. Hotel staff routinely riffle luggage, safes, drawers, and often hotels frequented by foreign (and domestic) businessmen are bugged (hardwired, so RF sniffers don’t help). The most practical way to avoid clandestine searches is to have one member of the delegation or group stay with the baggage. It probably is best to carry one’s own items which contain other than dirty laundry, oneself; as bellmen and limo drivers are frequently operatives. Locks are well and good, but must be used pervasively to avoid identifying sensitive containers.

    If you don’t really need it – don’t take it.

    I know that this post is not going to reach Norwegian delegations, present or future; but in the increasingly ‘mean streets’ milieu, it is also best for travellers who have security credentials, work for western technology firms, and the travelling public at large to be aware that China and many former Soviet Bloc states have an obsession with HUMINT. Moreover, recent developments have revealed that SIS (MI6), US NSA, and E-tjenesten, (among others) are not disinterested in visitors; even from NATO allies.

    There have, as well, been episodes where nationals returning home have been ‘interviewed at length’ by services for ECO (UK) and for ITAR compliance in the US. This for simply taking abroad a computer application deemed a ‘munition’.

    Once upon a time, in the USA, there was an extremely comedic episode where an individual was targeted for having a laptop which he had taken abroad that was furnished with a common crypto utility known as PGP. The ‘goof de grace’ for the investigation was, that it could be demonstrated that the app was downloaded in… Poland! So it was being imported. Poland did not object… (The courts have pretty-well clobbered this restriction in the US.)

    This also applies to areas where the rule of law is less than certain. There, they just steal everything. Travel lean; the world is mean. One rotter ‘trumps’ the thousands of wonderful people you meet, at home and abroad.