Cybersecurity

China: Micron products are “major security risk,” but no need to rip and replace

The ban on purchases of new Micron products applies to all “critical national infrastructure operators.”
article cover

Francis Scialabba

3 min read

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.

The Cyberspace Administration of China (CAC) has implemented a nationwide ban on the purchase of Micron products by “critical national infrastructure operators” after concluding the US memory chipmaker poses a supply chain security risk.

In a statement posted to its website, translated from Chinese, the CAC wrote that Micron had failed a Network Security Review Office review of its products. According to the translated statement, Micron has “relatively serious potential network security issues, which pose a major security risk” to China’s “key information infrastructure supply chain” and “national security.”

The announcement didn’t go into further detail as to the exact security risk of Micron silicone. But as the Register noted, whatever the CAC claims to have found is apparently not serious enough to warrant a “rip and replace operation” in which Chinese agencies and firms would be required to yank all Micron memory, storage devices, and other products from operational gear. The Register further noted that memory is not exactly a bespoke product; it’s manufactured in large quantities by Chinese companies, so the procurement ban may result in minimal disruption to China’s tech sector.

The story for Micron may be different, however: Paul Triolo, consultancy Albright Stonebridge’s SVP for China and technology policy lead, told Ars Technica the firm could take a big hit: “This could be really bad for Micron. It depends how broad China’s definition of critical information infrastructure is, but this could include the financial sector, transportation, energy and data centers.”

CNN reported Micron has estimated possible ramifications could be in the “high single-digit” league in terms of percentage of annual revenue.

On May 27, US Secretary of Commerce Gina Raimondo told reporters at the Indo-Pacific Economic Framework talks the US “won’t tolerate” the ban, adding there was no “basis in fact” and the CAC was engaging in “plain and simple economic coercion.” She predicted the ban would fail to accomplish its goals, adding that the US is working with its partners in the G7 to counter China’s “non-market practices.”

Some tech industry analysts speculate the Micron ban is itself retaliation for Western sanctions on Chinese tech conglomerates like Huawei and ZTE (subject to rip-and-replace orders in the US) and a rebuke at the G7, where member nations released a joint communique accusing China of “malign practices,” including espionage, coercion, and illicit technology transfers, on May 20.

“We have received the CAC’s notice following its review of Micron products sold in China,” Micron spokesperson Lara Krebs told IT Brew in a statement. “We are evaluating the CAC’s conclusion and assessing our next steps. We look forward to continuing to engage in discussions with Chinese authorities.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.