18 March 2019

The Chinese Dragon Is a Hydra

By Bryson Bort

The China problem is bigger than you think. It's bigger than Huawei, bigger than 5G, and bigger than simmering trade wars. It's bigger, even than China.

Recent developments have brought China’s aggressive policy of state-sponsored cyber espionage back into the spotlight: The Justice Department (DOJ) filed charges against Huawei, the Chinese telecom giant, and its CFO for industrial spying. This move came amidst reports that the U.S. government is seeking to curtail the company’s involvement with incipient 5G communications networks. Also, last week, U.S. intelligence chiefs described China as the nation’s top counter-intelligence threat.

These data-points fail to capture the scope and pervasiveness of a new kind of threat – the full-spectrum fusion of state and corporate resources – of which China is the most prominent but not sole example; Russia, Iran and North Korea are guilty as well. The new cold war is being fought through and in private industry, not strictly between governments. U.S. adversaries are preparing the modern battlespace while Western governments spit fire at one-off cases but miss the totality of the threat.

As FBI Director Christopher Wray told the Senate Intelligence Committee, the lines between the Chinese government and “ostensibly private companies” have been “blurred if not totally erased.” Its “Made in China 2025” industrial policy, for example, aims to use all of the country’s hard and soft power to dominate next-generation technologies such as 5G, Artificial Intelligence, aviation, autonomous vehicles, and robotics.


To that end, China shields favored industries and nurture them with intellectual property theft. China also legally forces companies to transfer proprietary secrets. Allegations that Huawei offers company bonuses for espionage and physical theft of proprietary technology is typical and rampant; DOJ reported last year that 90 percent of its economic espionage cases from this decade relate to China. China is not content to rebuild what others have engineered; it has prioritized luring intellectual talent to boost its surge toward technological dominance.

Huawei illustrates the nexus between the government and a nominally independent enterprise. Its founder was a People's Liberation Army director and the company, which receives state subsidies, is hailed by the government as a "national champion" in its sector. Huawei officials deny that it is a state organ, but that is a meaningless distinction: Chinese law requires companies to comply with state security services, specifically as regards "electronic communications instruments and appliances.” Unlike the US, recall that when the FBI wanted Apple to unlock the San Bernardino shooter’s iPhone, the company’s refusal was legally protected. In China, the law compels compliance. Authoritarian regimes, it turns out, behave in authoritarian ways.

This knowledge informs the apprehension about Huawei's and ZTE's growing role in global telecommunications infrastructure, including future 5G networks. It is near-impossible to detect or prevent companies from installing back-doors or to potentially monitor or interfere with data and communications. The New York Times recently reported and a paper published in the journal, Military Cyber Affairs, last year outlined how China Telecom had, for months at a time, opened data to duplication, corruption, or other interference. Imagine if your snail-mail was detoured through China, where spies could read it.

This is not merely a Chinese version of What’s good for General Motors is good for the country. Traditional economic espionage involves stealing industrial secrets; the merger of state and corporate interests, as well as the world's growing connectivity, add a new dimension of peril. Last week's intelligence assessment notably reported that for the first time that Beijing can conduct cyberattacks against critical U.S. infrastructure.

Consider autonomous cars, which figure to rapidly fill U.S. roads in the next decade and whose controlling software and hardware should quickly qualify as critical infrastructure. Keen Security Lab, a division of the Chinese company Tencent, won an IT research award from BMW, with whom it has been working on these issues. While Keen is ostensibly private, the time and money they invested in the project suggest government backing. Either way, as a practical matter, this means that China is on the way to cornering that market and will have the inside track to exploit its vulnerabilities.

At stake is the world’s information architecture and whose values inform it: authoritarianism or liberal democracy. That’s why the Trump administration is preparing an executive order to bar U.S. companies from using Chinese technology in critical telecommunications networks; it’s why the European Union is considering barring Huawei from its 5G networks; it is why U.S. military bases no longer sell Huawei and ZTE gear.

These are positive steps, but the U.S. and its allies must build a broader policy framework that encompasses these steps, and others so that we are not reacting individually but moving holistically – before our adversaries rewire the world in their image.

No comments: