China tells firms to stop using Western cybersecurity software

Chinese firms must replace Western cybersecurity software by H1 2026. Here are the implications.

Photo Credit: Paul Mah

Citing national security concerns, China has told domestic firms to stop using cybersecurity software made by over a dozen Western firms. Here are the implications.

Replace by H1 2026

The instructions require organisations to identify if they use cybersecurity products from American and Israeli firms, including Palo Alto, Fortinet, and Check Point.

Chinese companies will need to replace them with domestic equivalents by the first half of 2026, allegedly to prevent sensitive data from being sent overseas or to avoid being left vulnerable to spying.

According to Bloomberg, this includes Recorded Future, CrowdStrike, Mandiant, Rapid7, SentinelOne, Claroty, Cato Networks, Imperva, CyberArk, Wiz, Broadcom's VMware, McAfee, and Orca. It is understood that not every firm on the list currently sells products in China.

An era of distrust

The Chinese government has become increasingly concerned that Western equipment could be hacked by foreign powers. The move is not without precedent.

The U.S. government has similarly restricted the use of equipment from Chinese companies such as Huawei, ZTE, and others since 2018, also citing security concerns. This likely stemmed from fears that the Chinese government would do what the U.S. once did.

Over a decade ago, former NSA employee Edward Snowden alleged that Cisco routers built for export were routinely intercepted without the company's knowledge and fitted with hidden surveillance tools. The result: we are entering an era of distrust, which will only weaken cybersecurity for all.

State-sponsored cyberattacks

There is evidence that state-sponsored cyberattacks are surging as distrust mounts globally. Last year, Singapore took the unusual step of publicly blaming a China-linked state-sponsored group for attacks on Singapore's CII, or critical information infrastructure.

CII systems support essential services such as energy, water, finance, healthcare, transport, and soon, data centres. What was particularly worrying was how efforts appeared to centre around breaking in to establish a long-term foothold.

With the right level of access, hackers can shut down or even damage power plants remotely. With enough power plants down, the grid itself could collapse, leaving the entire country vulnerable to kinetic attacks.

Chillingly, the use of cyberattacks on power plants to disable air defences was alluded to in the recent brazen U.S. operation that saw it capture Venezuelan President Nicolás Maduro.

In a press conference, President Trump said: "It was dark, the lights of Caracas were largely turned off due to a certain expertise that we have, it was dark, and it was deadly."

In a bid to strengthen CII cybersecurity, Minister Shanmugam announced at SICW 2025 that Singapore will proactively share classified threat intelligence with CII operators.

Where do you see this heading?