China Bans U.S. and Israeli Cybersecurity Software over National Security Concerns
Chinese authorities have instructed domestic firms to stop using cybersecurity software from more than a dozen U.S. and Israeli companies, citing national security risks, according to three people familiar with the directive. The move highlights Beijing’s ongoing campaign to reduce reliance on Western technology amid escalating tensions with Washington over trade and technological dominance.
The ban targets several major U.S. firms, including Broadcom-owned VMware, Palo Alto Networks, and Fortinet. Israeli companies affected include Check Point Software Technologies, CyberArk, Orca Security, and Cato Networks. Other U.S. firms reportedly on the list are Alphabet-owned Mandiant and Wiz, as well as CrowdStrike, SentinelOne, Recorded Future, McAfee, Claroty, and Rapid7. French defence company Thales’ cybersecurity unit Imperva, which it acquired in 2023, is also included.
Market Reaction and Company Responses
Following the announcement, shares of Broadcom fell more than 4%, while Fortinet declined over 2%. Rapid7 dropped more than 1%, whereas Check Point closed slightly higher and Palo Alto remained steady.
Several affected companies said the ban would have minimal impact on their operations. CrowdStrike stated that it neither sells in China nor maintains offices, infrastructure, or staff there. SentinelOne noted that it has “no direct revenue exposure” to the Chinese market. Claroty confirmed it does not sell into China, while Recorded Future said it had no business there and no plans to enter. McAfee, describing itself as a consumer-focused company, emphasised that its products are “not built for government or enterprise use.”
Orca Security’s CEO Gil Geron said his company had not been notified of the ban but warned that such a step “would be a move in the wrong direction.” The remaining firms did not respond to Reuters’ requests for comment.
Security Concerns and Political Context
Chinese regulators reportedly warned that the banned software could collect and transmit sensitive data abroad. The Cyberspace Administration of China and the Ministry of Industry and Information Technology have not issued public statements.
The move comes as preparations continue for a planned visit by U.S. President Donald Trump to Beijing in April. Relations between the two countries remain strained despite a fragile trade truce, with both sides accusing each other of using technology for strategic advantage.
Beijing has intensified efforts to replace foreign-made software and computer equipment with domestic alternatives, driven by fears of potential surveillance or cyber intrusion. Major Chinese cybersecurity firms such as 360 Security Technology and Neusoft are expected to benefit from the policy shift.
A Deepening Divide in Global Cybersecurity
Several of the companies now banned have previously linked cyberattacks to Chinese actors, accusations Beijing consistently denies. In recent months, Check Point and Palo Alto Networks published reports alleging Chinese-backed hacking campaigns against foreign government targets.
Despite some companies having no operations in China, others maintain a notable presence. Fortinet lists multiple offices in mainland China and Hong Kong, while Check Point and Broadcom also have local offices. Palo Alto Networks maintains five sites, including one in Macau.
China’s decision mirrors past actions by Western governments. In 2017, U.S. authorities ordered the removal of Russian cybersecurity firm Kaspersky’s software from federal networks, citing espionage concerns. The United States later banned all Kaspersky product sales in 2024.
with inputs from Reuters
