Chinese Ministry of State Security

China's Ministry of State Security (MSS) on Thursday revealed several industrial and supply chain leak cases, including insider leaks of semiconductor technology, data theft, and the covert extraction of critical mineral information. The ministry warned that the security of industrial and supply chains is crucial to national economic security and high-quality development, calling for the creation of a scientific and efficient protection system, CCTV News reported. 

According to the MSS, a foreign nonferrous metals company used its Chinese employee, surnamed Ye, to bribe the deputy general manager of a domestic rare-earth company, surnamed Cheng. Driven by personal gain, Cheng violated regulations and illegally provided seven items of classified state secrets to the foreign side, including information on China's rare-earth reserve categories, quantities, and prices. Both Ye and Cheng were punished in accordance with the law.

Another case involved a former engineer at a domestic semiconductor company surnamed Zhang, who allegedly breached his confidentiality obligations after leaving the firm and illegally provided core production processes and other trade secrets to a foreign organization.

A third case involved a domestic company that used technical means to embed itself into an e-commerce platform's system, stealing more than 1 million business data records per day and illegally earning tens of millions of yuan in profits.

According to the MSS, all of the individuals involved in these cases were severely punished in accordance with the law.

The MSS said that the development of resources, technological progress and the flow of data are deeply embedded in the underlying networks of industrial and supply chains. It warned that the security of these chains is closely tied to national economic security and high-quality development.

Foreign espionage and intelligence agencies have in recent years stepped up covert, specialized and systematic efforts to infiltrate, disrupt and steal sensitive information from China's industrial and supply chains, posing a serious threat to the country's economic, technological and data security, according to the MSS statement.

Given the increasingly severe and complex security environment, the MSS said that addressing isolated vulnerabilities or responding only after incidents occur is no longer enough. The MSS suggested building a scientific and efficient protection system. 

The ministry called for stricter management of hardware, including tighter control over access to chips, servers and industrial control devices, stronger supplier vetting and traceability, and thorough inspections to remove equipment posing security risks. It also called for mechanisms to dynamically manage supplier access and prevent malicious actors from planting surveillance devices or pre-installed malicious or espionage-related firmware.

It also stressed stricter software management, including stronger oversight of software, open-source components and cloud services, along with code audits and vulnerability checks to prevent malicious code and backdoors from being installed.

For sensitive data, core technologies and trade secrets, the MSS called for full life cycle management, least-privilege access, end-to-end encryption and cross-border data security assessments to prevent theft, tampering or illegal transfer overseas. 

On personnel management, the ministry said that companies should clearly assign counter-espionage responsibilities, conduct background checks and confidentiality training for staff in key positions, and prohibit handling classified information on non-classified devices. It also urged tighter regulation of foreign-related cooperation, outsourcing and subcontracting to prevent foreign intelligence agencies from exploiting inducements or recruitment to obtain sensitive information.