Lenovo, one of the world’s largest PC manufacturers, has joined the Joint Cyber Defense Collaborative (JCDC) initiative established by the US Cybersecurity and Infrastructure Security Agency (CISA). While this may seem ordinary, it has raised concerns over Lenovo’s Chinese origins and potential ties to the Chinese government.
As a publicly-listed company with dual headquarters in Beijing and Raleigh, North Carolina, Lenovo is of Chinese origin. Its acquisition of IBM’s PC division in 2005 and x86 server business in 2014 has given it greater market access. However, the US government has taken an increasingly hostile stance towards Chinese companies, citing security fears and protectionism.
Article 7 of China’s National Intelligence Law requires its citizens and organizations to function as covert operatives of the state if ordered to do so. This raises questions about Lenovo’s role in defending US critical infrastructure. CISA declined to comment on the selection criteria used to vet JCDC participants, referring instead to the initiative’s FAQ.
Some commentators have pointed out that Lenovo has a different management style and structure compared to many other Chinese companies. It went public on the Hong Kong Stock Exchange in 1994, which opened up Lenovo to global investors and scrutiny, nurturing a “transparent and accountable corporate culture.”
However, this has not prevented concerns over Lenovo’s ties to China. In October last year, the Chairman of the House Select Committee on the Chinese Communist Party requested the removal of Lenovo products from the US Navy Exchange for service members.
Lenovo has consistently denied accusations that it is controlled by the Chinese government. It has also emphasized its diverse leadership team and publicly-quoted status in both Hong Kong and the US.
CISA’s Secure by Design pledge, which Lenovo has signed up to, asks leading technology companies to make their products more secure. This has led some to question why Lenovo was selected for the JCDC initiative while other Chinese companies were not. The lack of transparency surrounding the selection process has raised further concerns over Lenovo’s role in defending US critical infrastructure.
Source: https://www.theregister.com/2024/08/14/opinion_lenovo_jcdc/