On March 31, the Office of Cybersecurity Review issued an announcement to launch a cybersecurity review of products sold in China by U.S. memory chip giant Micron.
This is the first time that the Chinese government has conducted a cybersecurity review of a foreign technology company after domestic companies such as Huawei, ZTE, and Tencent were sanctioned and suppressed by the United States.
Some people believe that this is China's countermeasures and retaliation against the United States, some people think that this is a necessary measure for China to protect its own network security and national interests, and some people believe that this is a positive attempt by China to promote the standardization and healthy development of the industry.
So why exactly did Micron conduct a cybersecurity review? What impact does this have on Micron and the Chinese market? After Micron, what other foreign tech companies will be subject to cybersecurity review? This article will analyze from the following aspects.
1. Why is Micron conducting a cybersecurity review?
According to the announcement of the Cybersecurity Review Office, the purpose of the cybersecurity review of Micron is to "ensure the security of the critical information infrastructure supply chain, prevent cybersecurity risks caused by product problems, and safeguard national security." This purpose complies with the provisions of relevant laws and regulations such as the National Security Law of the People's Republic of China, the Cybersecurity Law of the People's Republic of China, and the Measures for Cybersecurity Review.
From the perspective of the international situation, in recent years, the US government has continuously suppressed and restricted Chinese technology companies, using "national security" as an excuse to prohibit or restrict the business activities of Huawei, ZTE, Tencent and other companies in the US market, and put pressure on other countries to follow suit.
The U.S. government also interferes with and disrupts the normal supply chain and cooperative relations of Chinese enterprises through export controls, sanctions, litigation and other means. These acts have seriously damaged the legitimate rights and interests of Chinese enterprises and threatened China's network security and national interests. It is necessary to take corresponding measures to protect one's sovereignty and dignity and safeguard one's own development space and strategic interests.
From the current situation of the industry, memory chips are one of the important infrastructures in the field of information technology, which is widely used in personal computers, servers, smart phones, tablet computers, smart wear, smart homes, industrial control, automotive electronics and other fields.
The types of memory chips mainly include DRAM, NAND Flash and NOR Flash, which have different performance and characteristics to meet different application needs. The market size and demand for memory chips are very huge, and the global memory chip market is expected to reach $1.1 trillion in 2022.
2. What is the impact of Micron's cybersecurity review?
Micron's cybersecurity review has undoubtedly caused certain impact and pressure on its business and market in China.
According to Micron's official data, as of 2021, the revenue in the Chinese market reached $2.3 billion, accounting for 14% of Micron's overall revenue. According to Jibang Consulting, Micron's share of the global memory chip market is 12%, second only to Samsung, Toshiba and Western Digital.
China is one of the world's largest consumer markets for memory chips and an important customer and partner of Micron. If the cybersecurity review results are unfavorable to Micron, it may result in its products in China being banned or restricted in sales, or required to undergo technological modifications or provide more security measures, which will increase its costs and risks, affecting its competitiveness and profitability.
At the same time, the cybersecurity review of Micron has also had a certain impact on the Chinese market and industry. On the one hand, this is conducive to improving the level of cybersecurity and supply chain security in the Chinese market, protecting the legitimate rights and interests of consumers and the security of personal information, and maintaining national security and social stability.
On the other hand, this is also conducive to promoting the development and innovation of China's local memory chip enterprises, improving their product quality and technical level, and enhancing their market competitiveness and independent controllability. According to reports, China already has a number of memory chip companies with independent research and development capabilities such as Changjiang Storage, Unigroup Group, and Huawei HiSilicon, and has made breakthroughs in the fields of NAND flash memory and 3D XPoint.
If we can take advantage of this cybersecurity review to further increase policy support and capital investment, promote industry-university-research cooperation and industrial chain coordination, China's memory chip industry is expected to achieve leapfrog development and narrow the gap with the international advanced level.
Third, after Micron, which foreign technology companies will be subject to cybersecurity review?
According to the Cybersecurity Review Measures, the scope of cybersecurity review includes situations where critical information infrastructure operators purchase network products and services, and network platform operators carry out data processing activities, affecting or likely to affect national security.
Therefore, any foreign technology company involved in these areas is likely to be subject to cybersecurity scrutiny. Specifically, the following types of foreign science and technology enterprises should attract great attention:
(1) Foreign science and technology enterprises that provide network products and services that have an important impact on critical information infrastructure security, network security, and data security, such as core network equipment, important communications products, high-performance computers and servers, mass storage devices, large-scale databases and application software, network security equipment, and cloud computing services.
These products and services are an important part of the critical information infrastructure, and if there are security risks or external interference or control, it may lead to the destruction or failure of the critical information infrastructure, resulting in serious social and economic losses and national security risks.
For example, companies such as Cisco, Intel, Oracle, IBM, and HP in the United States fall into this category.
(2) Review Micron and fire the first shot of the network security defense war! Which company could it be after that?.
These enterprises have a large amount of user data in the Chinese market, and if they do not comply with Chinese laws and regulations, do not ensure data security and personal information protection during the listing process, or are influenced or controlled by foreign governments or other forces, they may cause user data to be stolen, leaked, damaged, illegally used, or illegally exported abroad, endangering the legitimate rights and interests of users and national security.
For example, companies such as Didi Chuxing, Tencent Music, and Alibaba in the United States fall into this category.
(3) Foreign science and technology enterprises carrying out data processing activities in the Chinese market and involving core data, important data, or a large amount of personal information. If these enterprises collect, store, process, use or provide data in the Chinese market, if they do not meet the requirements of Chinese laws and regulations, do not take effective security measures, or are subject to external interference or utilization, it may lead to data abuse or leakage, endangering the rights and interests of data subjects and national security.
For example, companies such as Google (Chinese advertising business) in the United States, Microsoft in the United States, and Lenovo in the United States fall into this category.
To sum up, after Micron, there will be many foreign technology companies that will be subject to cybersecurity review. This is not only an inevitable choice for the Chinese government to perform its duties, but also an inevitable trend in the development of the Chinese market and industry.
For foreign technology enterprises, only by complying with Chinese laws and regulations, respecting the rules of the Chinese market, and ensuring the safety and reliability of products and services and data processing activities can they achieve long-term and stable development in the Chinese market.