Technology

The U.S. Lags Behind China in Spotting Cyberthreats

Hackers have a head start in exploiting system flaws.

Provide news feedback or report an error

Confidential tip?

Send a tip to our reporters

Site feedback:

Take our Survey

By Dune Lawrence

October 19, 2017 at 11:00 AM UTC

This article is for subscribers only.

This article is part of the October 23, 2017 issue of businessweek.

In March, the Apache Software Foundation announced it had discovered a critical flaw in its software, one now famous as the unpatched Achilles’ heel of Equifax Inc. that allowed hackers to make off with sensitive information on 145 million Americans. We don’t yet know who got into Equifax, but we do know Chinese hackers looking to exploit the bug, and Chinese companies defending against attacks, had a head start. Details of the flaw were published to China’s National Vulnerability Database within a day of Apache’s announcement. It didn’t show up in the official U.S. database for three days. By then, researchers were already documenting a wave of global attacks exploiting the faulty code.

China’s advantage is usually much greater, according to research published on Oct. 19 by Recorded Future, a cybersecurity company. There’s an average 20-day gap between when China’s database publishes information on newly discovered bugs and when its U.S. equivalent does, based on 17,940 vulnerabilities added to both databases over the past two years, the analysis showed.