As its strategic and technological competition with China heats up, the US is constructing a “Clean Network”. According to the State Department, this is a “comprehensive approach to safeguarding the nation’s assets including citizens’ privacy and companies’ most sensitive information from aggressive intrusions by malign actors, such as the Chinese Communist Party”. But creating a “sanitized” tech space is not proportionate risk management. This strategy fancifully assumes that adversaries will relent and stand down, letting the US and those in its trusted network prepare for the challenges of an interconnected world. And in the meantime, it threatens the very rules-based order that the US led efforts to construct.
In 2012, Australia was the first country to fire a shot in the emerging tech war when it banned China’s Huawei Technologies from participating in the buildout of the country’s broadband network. Six years later, Canberra blocked Huawei and ZTE, another Chinese telecommunications firm from bidding to supply technology for Australia’s wireless 5G network. It based its decision on an assessment of potential cyber threats to critical infrastructure. The prime minister at the time, Malcolm Turnbull, sent the Australia-China relationship into a tailspin, warning that it was not just the theoretical capability of a cyberattack that made Huawei a threat but that “intent can change in a heartbeat”. Australia, which had benefited so richly from its trade and investment relations with China, had determined that, for national security reasons, it could not trust Chinese companies, a decision that signalled the deepening of systemic distrust of Beijing among the US and its allies.
Huawei had long been suspected by the US national security establishment of facilitating espionage. (In 2012, the US House of Representatives’ intelligence committee, identified Huawei and ZTE as threats to American national security.) The Shenzhen-based company has repeatedly denied the claims and, indeed, no evidence of espionage has been presented. Nevertheless, China does have national security legislation that could be wielded to force the hands of its firms, as indeed does the US. Intelligence analyst-turned-whistleblower Edward Snowden, who took refuge in Moscow in 2013, documented in detail American espionage and surveillance programs and techniques.
But the tech war is about more than spying: the risk of sabotage, as raised by Australia, after suffering a series of cyberattacks on major institutions, elevated the threat scenarios to a new level. Washington soon followed Canberra in blacklisting Huawei. It then went further, funding “rip and replace” removal of Huawei equipment from US networks and leading a campaign of extraterritorial economic coercion to pressure countries to shun Huawei’s products and services, thereby depriving the Chinese multinational of key customers. The US has also pressured chipmakers to stop supplying Huawei with semiconductors. Taiwan’s TSMC has confirmed that it ceased further shipments to Huawei in the middle of September.
The paradox Is that, in the rules of engagement of this new tech war, evidence of malicious cyber activity is not required to trigger restrictions or punitive measures. Just naming the risk is enough. In the absence of trust and international cooperation, simply being unable to invalidate worst-case scenarios is all that is needed to raise the threat level. In a deteriorating geopolitical climate, in which confrontation may possibly escalate into conflict, it is of course rational for decision makers to guard against cyber-risks. In a world of devices connected to instant global flows of data through impossibly complex networks, the potential for any state (or other actor) to weaponize its technological assets is, to be sure, a risk that must be mitigated.
TikTok and WeChat are the latest to be cast as cyber risks in the US, and now attention is being turned to DJI, which dominates the US and global market for drones. In the new US-China tech war, risks are potentially everywhere, and the next target could be electric cars, or cloud computing, or artificial intelligence, or data networks. For businesses and economies that are interdependent with Chinese supply chains there is a new generation of geopolitical risks that could become the next phase of US attention.