Mainland China’s self-sufficiency drive in cybersecurity enabled the world’s second-largest economy to emerge unscathed from Microsoft’s global outage of cloud computing services, according to industry insiders, after a botched software update by US tech firm CrowdStrike.
While that disruption affected 8.5 million Microsoft Windows-based devices worldwide, China saw only minimal impact in installations numbering “tens of thousands” at mostly local offices of foreign enterprises or their mainland joint ventures, according to a report on Sunday by cybersecurity systems provider QAX in Beijing.
“The use [of CrowdStrike cybersecurity products] in government, state-owned enterprises and large private corporations is extremely small,” the report said.
QAX, a spin-off from the enterprise business of Shenzhen-listed 360 Security Technology, said organisations on the mainland should “prioritise domestic suppliers” of cybersecurity software, “especially given the current complex international environment”.
Citing Beijing’s efforts since 2018 to promote the development of alternative local solutions for cybersecurity, QAX said: “[We] must ensure that security software, tools and platforms, which are as significant as operating systems, should be self-supporting and controllable.”
The global outage stemmed from the latest version of CrowdStrike’s Falcon Sensor software, which was meant to make the computer systems of its clients more secure against hacking by updating the threats it defends against. A faulty code in the update, however, resulted in one of the most widespread tech outages in recent years for many companies, including banks and airports, that use Microsoft’s Windows operating system and cloud computing services.
CrowdStrike subsequently released information to fix affected systems.
Emerging largely unharmed from the global tech disruption shows that China’s push for “safe and controllable” computing systems has paid off, while speeding up the development and deployment of domestic cybersecurity solutions.
QAX estimated that it would take “weeks” for many organisations around the world to fully recover from the outage.
Chinese cybersecurity stocks gained the most on Monday compared with other industries, with an average increase of 4 per cent, according to financial information provider Wind, which compiles an index of more than 40 companies in the sector listed in Shanghai and Shenzhen.
360 Security Technology, a Chinese rival to CrowdStrike, said in a social media post last Friday that its technology was “more reliable, stable, comprehensive and intelligent”, compared with those from the US firm.
“When selecting endpoint security software, it is important to fully evaluate its defence capabilities to avoid potential security risks and ensure that business continuity and data security are not threatened,” 360 Security Technology’s post said.
The massive tech outage has come years after CrowdStrike blamed China for cybersecurity incidents at US firms. As early as 2015, CrowdStrike reported several Chinese cyberattacks against US technology and pharmaceutical companies, which were denied by China’s foreign ministry. In its latest annual report, CrowdStrike said the “China-nexus adversaries increasingly targeted third-party relationships” in 2023.
David Ip Ching-yeung, the founding chairman of the Hong Kong China Network Security Association, said the mainland is not immune to disruptions because it is possible for every software development company to make mistakes.
As such, Ip said governments and businesses must have redundant systems. That means when the primary system collapses, the backup can take over to ensure continuity of operations.
China’s cybersecurity market was projected to grow 13.5 per cent annually from 2022 to reach US$23 billion by 2027, faster than the global industry’s annual growth of 11.7 per cent in the same period, according to tech market research firm IDC.
United States Federal Trade Commissioner Lina Khan, meanwhile, wrote in a post on X that the recent outage “reveals how concentration can create fragile systems”. She said: “Concentrating production can concentrate risk, so that a single natural disaster or disruption has cascading effects.”
