One of the common arguments in the wake of the Snowden revelations about NSA surveillance is that other countries are going to double down on developing their own technology industries to reduce their dependence on U.S. companies. The Chinese press has made this argument numerous times--highlighting how IBM, Cisco, Intel and others have penetrated Chinese society--and this was one of the themes in Brazilian President Dilma Rousseff’s address to the United Nations General Assembly: "Brazil will redouble its efforts to adopt legislation, technologies and mechanisms to protect us from the illegal interception of communications and data."
This week the National Computer Network Emergency Response Technical Team Coordination Center of China and the Internet Society of China sponsored the Chinese Internet Security Conference in Beijing. At the conference, NetentSec’s CEO Yuan Shengang (Tony Yuan) compared the U.S. and Chinese cybersecurity industries. Yuan, who spent eight years in the United States, shows the difficulties of converting the attention to NSA surveillance into economics, painting a frank picture of the barriers to growth and innovation for Chinese companies. He also takes a much less techno-nationalist tone on the growth of a Chinese cybersecurity industry then the NSA spying promotes domestic industry argument would suggest.
Yuan highlights at least three problems China will face:
Awareness. As Yuan noted in a quip to the Washington Post, before the NSA revelations there was very little recognition of Internet security problems in China. Now, according to Yuan, domestic companies realize the need to invest in security and the government is focused on the problem. “For those in the industry, we really need to thank Snowden.” Still, the government lacks laws on cybersecurity and overemphasizes the supply of products through evaluation, licensing, and testing to the detriment of creating domestic demand.
Investment. In both private and public sector funding, the United States dwarfs China. According to Yuan, the U.S. government spent $6.5 billion on security, China $400 million; the U.S. private sector spent $4.3 billion on a broad array of products, Chinese companies only $80 million. Yuan also notes a vast difference in the scale of cybersecurity companies. China’s Venustech, which claims 80 percent of Chinese banking institutions and over 60 percent of large state-owned enterprises as its customers, had revenues of close to $120 million in 2012; by comparison, Symantec’s revenue was approximately $6 billion. The pressure to maintain high sales means Chinese companies have no time to develop products and cultivate customers.
Entrepreneurship. Yuan sees entrepreneurs having difficulty getting into and out of the sector. The barriers to entry are high with numerous government regulations and certificates. Preferential policies help large companies and squeeze start-ups. Venture capital (VC) is scarce; Yuan says he knows of only $30 million of VC investment in Chinese companies (including his own) compared to $1.4 billion in the U.S. Exits for small companies are hard. Yuan stresses that here are no equivalents to IBM, Cisco, or Intel buying up small companies as a major difference in the Chinese and American industries.
In his speech, Yuan suggests that he will be attacked for airing these weaknesses. But the more politically sensitive part of the speech is his call for "open competition." Yuan argues that there are core areas of security, but China should still adhere to the principles of openness and fairness. No country can ensure the safety of the entire supply chain of a product, and insisting on labels that say a product is developed locally will not make China safer. So Yuan does see the NSA revelations as kickstarting the Chinese industry. But in the end, the main impetus for this will not be government policy, but a mechanism that will be familiar and welcome to his counterparts in Silicon Valley: competition.