China Telecom Unit Banned from Operating in the US
By Jim Lundy
PAX Technology, headquartered in Shenzhen China, operates 60 million point-of-sales terminals in the US and 120 countries. One of PAX’s warehouses in Florida was raided by the FBI and the Department of Homeland Security (DHS) following evidence that their payment terminals are being used to deliver malware and conduct cyber attacks against the US and European enterprises.
Event: US Federal Government Bans China Telecom From the US
The US Federal Government banned China Telecom Americas and they have 60 days to cease operations. This is due to the US stating that China Telecom represents a risk to national security. This follows other bans including China Mobile in 2019 and Huawei and ZTE in 2019.
Analysis: State-Sponsored Cyberwar Rages On
The US Government had no choice – it had to act. Technology and firms that provide technology, such as China Telecom, are being used to conduct Cyber attacks. It is clear that this is a pattern that has been going for years.
The banning of China Telecom follows earlier actions against them, which includes delisting China Telecom, China Mobile Ltd and China Unicom (Hong Kong) from the New York Stock exchange.
Cyber Attacks Get Bolder
While we have written about the 20-year war called Cyberwar, it is getting worse and adversaries are getting bolder. China and many other countries are using companies and their technology to attack enterprises in order to steal technology, intellectual property, and more. Huawei is being sued by the US for theft after already settling a recent case against theft at T-Mobile.
Government Responses Need to be Swifter
As Aragon has written about this issue for the last several years, the only way to stop this level of attack is to shift to a zero-trust mindset and to have more aggressive government intervention. So in 2019 and in 2020, the Government took action. However, the question is, have they been waiting too long?
Enterprises need to invest in Security and Security Awareness
There are new ways to protect the enterprise by shifting to a zero-trust environment. It is easier said than done, but Google has done it. Others can too. But while on the journey to zero trust, many other security best practices need to be established.
We wrote about the need to backup everything in July after the latest ransomware attack. However, many enterprises have still failed to act and they also do not have a comprehensive plan to invest in more robust security. This is a call to action.
The banning of China Telecom from operating in the US is just the tip of the iceberg. More actions need to be taken to protect enterprises. In addition, the IT Supply Chain needs to be protected. Enterprises need to re-certify all of their vendors and verify that their capabilities have not been compromised. In addition, enterprises need to inspect their current computer infrastructure to make sure that it is not infected with Malware.