PRC APT GROUP SALT TYPHOON BREACHES US TELCOS & TARGETS TRUMP & VANCE DEVICES
It was with disbelief and horror that I read the news article in the Times of India (referenced at the bottom of this blog post) pertaining to the agreement between ISRO and OPPO (a Chinese Mobile manufacturer).
The agreement in question pertains to sharing of technical information by Indian Space Research Organisation (ISRO) with OPPO to create applications and alerts for warnings in emergency in rural and coastal areas. A similar agreement was signed by ISRO with XIAOMI in 2020 itself.
The Indian Space Research Organisation (ISRO) and its commercial wing ANTRIX developed the Indian Regional Navigation Satellite System or IRNSS with its operational name of NAVIC (Navigation with Indian Constellation). It is a Navigation Satellite System that will provide accurate real-time positioning and timing services over India and the region around the country.
It is a rival to the GPS system of the United States and the BeiDou System of China.
The NAVIC system has civilian and military uses and its hard to fathom how ISRO managed to sign the agreement to share the details of NAVIC with OPPO.
What are the safeguards that ISRO has created to ensure that NAVIC information is not used against India by PLA? The article is silent about this aspect in the press release.
OPPO is a Chinese manufacturer of mobile handsets was founded by Duan Yongping and its current CEO is Tony Chen, both are Chinese nationals with corporate headquarters at Dongguan, China.
The OPPO brand name is owned by BBK Electronics (BBK). BBK also has a controlling stake and owns other Chinese brands like OnePlus and Vivo apart from OPPO. IQOO and IMOO are also brands owned by BBK. IQOO in India will be a brand through which BBK will launch a 5G smartphone.
Though clinching evidence of Duan Yongping and Tony Chen’s links to CCP and PLA are hard to come by, Chinese law mandates that executive leadership at Chinese companies become members of the Chinese Communist Party and are controlled by it. So its safe to assume that they are directly or indirectly controlled by PLA.
Xiaomi was earlier sanctioned by the US DOD as a PLA related entity by the Trump administration but the Biden administration has since revoked this sanction in May 2021.
Given our long standing border disputes and skirmishes with PLA, one wonders whether Due Diligence and Intelligence clearances were obtained from Home Ministry and Defence Ministry by ISRO before proceeding to sign the agreement with OPPO and Xiaomi. In our view, both the agreements should be rescinded forthwith and all proprietary information shared with OPPO and Xiaomi should be destroyed.
National Security considerations are paramount and cannot be dictated by commercial interests at ISRO.
The views and comments are personal opinions of the author and do not constitute any official views of entities or businesses the author is associated with.
By Pavithran Rajan
Leave a Comment 👋
PRC APT GROUP SALT TYPHOON BREACHES US TELCOS & TARGETS TRUMP & VANCE DEVICES
Boards have a unique role in helping their organizations manage cybersecurity threats. They do not have day to day management responsibility, but they do have oversight and fiduciary responsibility. Don’t leave any questions about critical vulnerabilities for tomorrow. Asking the smart questions at your next board meeting might just prevent a breach from becoming a total disaster. In this article we offer 7 questions to ask to make sure your board understands how cybersecurity is being managed by your organization. Simply asking these questions will also raise awareness of the importance of cybersecurity, and the need to prioritize action.