China’s internet regulator has launched an investigation into the security regime protecting academic journal database China National Knowledge Infrastructure (CNKI), citing national security concerns.
In its announcement of the investigation, the China Cyberspace Administration (CAC) said:
CNKI is a privately-owned publishing company that maintains a monopoly on academic journal searches in China. In recent years, it has been criticized for imposing exorbitant price increases.
The price hikes were significant enough – allegedly 132 percent between 2010 and 2016 – that some organizations, including the state-linked Chinese Academy of Sciences, ended their CNKI subscriptions.
China’s antitrust watchdog, the State Administration for Market Regulation (SAMR) launched an antitrust probe into the outfit last May.
According to state-sponsored media Global Times, CNKI has over 1600 institutional customers and includes 90 percent of published journals in mainland China. Forty percent of the material on the site is exclusive to CNKI.
Beijing has not explained why the security review is necessary, but it is not hard to imagine that CKMI hosts papers that discuss national security matters, or data that China’s government would like to control. Academic papers as an intelligence side-channel is an obvious risk worth addressing.
China’s move to secure its critical info comes as the nation is credibly accused of exploiting lax security to find other nations’ info through means fair and foul.
In one recent case, China was accused of having a role in a US-based professor turning US-funded research into Chinese patents.
Other reports suggest that China-backed attackers steal university research – such as a 2019 effort targeting maritime technology across at least 27 academic institutions.
The espionage doesn’t stop there. State-sponsored actors have also allegedly targeted [PDF] medical data from the healthcare industry, and many other verticals.
Announcements of investigations into domestic companies from the CAC are rare, prompting questions about Beijing’s motives in doing so. Drawing attention to the CNKI could elicit attention and invite attacks on the organization – which could be a good method for Beijing to teach the company a lesson about hiking its prices up. Or perhaps it lets China’s cyber-defenders sit back and watch the tools and techniques used by attackers in hope of learning how other nations conduct such operations. ®