I found this very interesting, some key points from the article:

"China has developed more secure operating software for its tens of millions of computers and is already installing it on government and military systems, hoping to make Beijing's networks impenetrable to U.S. military and intelligence agencies."

"Additionally, Mr. Coleman said, the Chinese have developed a secure microprocessor that, unlike U.S.-made chips, is known to be hardened against external access by a hacker or automated malicious software. "

"A third computer specialist, Alan Paller, told the Senate Committee on Homeland Security and Governmental Affairs on April 29 that China's military in 2005 recruited Tan Dailin, a graduate student at Sichuan University, after he showed off his hacker skills at an annual contest.

"Mr. Paller, a computer security specialist with the SANS Institute, said the Chinese military put the hacker through a 30-day, 16-hour-a-day workshop "where he learned to develop really high-end attacks and honed his skills." "


Full story: http://www.washingtontimes.com/news/2009/may/12/china-bolsters-for-cyber-arms-race-with-us/

The article you mentioned does impress upon us the need to better handle sensitive data, and be very wary of our system security - and Russia / China developing their own microprocessors doesn't surprise me, in the least.  The fact that they hire many of the best hackers and bit-heads in the world is no surprise, either, particularly as they are known as technological leaders, and have millions more people readily accessible to them, in such a small geographical density.  That said, our own government does a pretty good job, themselves, of pulling in good talent, when they try.

I'd like to think our intelligence agencies and cyber-warfare units are staying pretty 'on top' of what China considers such a secure OS.  Kylin, as it's being reported, was talked about 3-4 years ago, quiet frequently in the security realm.  It was noted that, underneath, the core kernel is nothing different than that in the public sectors of FreeBSD and Linux.

In another article about Kylin ( http://blogs.zdnet.com/security/?p=3385 ) on ZDNet today, they make the following statements:

"What everyone appears to be forgetting is the fact that security is proportional with usability, and as well as the fact that complexity is the worst enemy of security."

and also quote:

"Prior to this, the Kylin operating system - which is funded by the National 863 High-Tech Program - was found to have plagiarized from the FreeBSD5.3. An anonymous internet user, who goes by the handle name “Dancefire”, pointed out similarities between the two systems reached 99.45 percent."

I'm certain, that they have many things in there we don't know about, and those 'things' are valid concerns.  But again, this goes to show that we need to stay focused, as security experts, and continue not just reactive security, but proactive security, as well, making sure we're monitoring our networks, constantly working to tighten our security, and increase awareness of the same.

Definitely worth the read, even if just to re-enforce / justify our work!

Thanks.

Right on the money there.  We find vulnerabilities in open source software all the time, and that is regularly reviewed by anyone who wants it.  If the Chinese government has a "special" version of the OS, you can bet that its as full of holes as proverbial swiss cheese.  Just takes the right person to get ahold of the "government only" copy and start looking.

CIA anyone?