Here’s an article I wrote the other week for IDG Connect. The situation is rapidly evolving, but most of the commentary is still bang on:
As the world’s IT manufacturing centre and a huge market in its own right, anything that happens in the China can have a significant impact on the tech industry. So the boardrooms of multi-national IT players everywhere will once again be on high alert as the new coronavirus brings factories to a halt in the Middle Kingdom.
As if the persistent threat posed by Donald Trump’s protectionist trade war wasn’t enough to contend with, the newly named Covid-19 is already having a chilling effect on key supply chains and components. It may further accelerate plans for manufacturers to move facilities out of China and could even impact 5G deployments, according to analysts.
Bigger and badder than SARS
First reported to the World Health Organisation (WHO) on December 31, Covid-19 has now claimed over 1,000 victims and infected nearly 43,000, mainly in China. As such, it’s now more deadly than the SARS epidemic of 2002-3, which had a major impact on the Chinese and global economy at the start of the century.
It’s impact on tech is two-fold: in closing down factories in quarantined areas and preventing workers from travelling to facilities; and in subduing the usual sales bonanza in China around the Lunar New Year holidays at the end of January. In many cases, it appears as if workers have been stranded in their home towns, unable to travel back to the regions in which they usually live and work.
The annual Mobile World Congress (MWC) event in Barcelona has even been cancelled after big-name Asian firms pulled out. This is not insignificant, according to Forrester analyst, Alla Valente.
“For the thousands, if not millions of meetings, conversations and deals that would have taken place, this has long-term implications for vendors, suppliers and customers,” she tells me by email.
Huawei also postponed its annual developer conference in Shenzhen this week. Analysts tell me that tech giants including Dell, HP, Apple, Samsung, Qualcomm, Microsoft, Google, Intel, Sony, LG and even Facebooks’ Oculus brand are in the firing line. But some sectors are more exposed than others.
Where is Covid-19 hitting hardest?
Displays: With five large display factories located in the Covid-19 ground zero of Wuhan, it’s perhaps not surprising that this sector is impacted. According to analyst Omdia, utilisation rates at Chinese display fabs will drop by 20-25% in February with total production/output set to fall by 40-50%. Producers are hit by both component and labour shortages thanks to quarantining efforts by the Chinese government.
LCD polarisers and LCD module printed circuit boards (PCBs) are in particularly short supply due to logistics issues, even as most facilities resume production. This could apparently affect 5G smartphone production as well as other products: China reportedly makes around half the world’s supply of TVs, laptops, and PC monitors.
Smartphones: Along with the problems in LCD displays, many of the world’s biggest producers of smartphones including Apple have major production facilities in China. Two major Foxconn facilities used by the iPhone-maker were reportedly given the green light to reopen this week, but only 10% of workers had so far been able to return. Foxconn shares slumped 11% since markets reopened following the New Year break. Analyst Trendforce reportedly cut its forecast for iPhone production in the first quarter of 2020 by around 10% to 41 million handsets.
It’s not just production of smartphones that’s at stake. Although the giant Chinese market was set to rebound in 2020, this now seems unlikely, in the short term at least. IDC expects China’s smartphone shipments to slump more than 30% year-on-year in Q1 2020, and warned of “uncertainty in product launch plans, the supply chain, and distribution channels, in the mid and long term.”
Servers: According to reports from Taiwan, server shipments grew by over 13% in Q4 2019 but are expected to be affected by Covid-19 in the first three months of 2020. Although demand from large datacentres remains strong, the virus outbreak has impacted the upstream supply chain, which will cause shipments to decline 9.8% from the previous quarter, versus a previous estimate of 1.2% growth.
What happens next?
Although some reports from China claim hopefully that the disease appears to be slowing, it took five months before the SARS outbreak was officially recognised by the WHO as contained. As such, it’s still far from certain when travel restrictions will be relaxed by Beijing so that workers can return to production plants. The longer the current situation continues, the bigger the potential impact on supply chains.
Omdia claims, for example, that while currently global semiconductor supply appears unaffected, this could change if the public health situation worsens. Meanwhile, IDC analysts warned in an emailed note: “Since a large amount of the surface mount technology (SMT) and PCB manufacturing factories for both consumer goods and datacentre products are produced in China, and even in Wuhan in some cases, much of the supply chain is at the mercy of the government closure of critical infrastructure.”
For Forrester’s Valente, Covid-19 has the potential to disrupt not just 5G rollouts but the wider global economy.
“It will delay product launches – if they’re lucky. With so many supply chains adopting the Just-In-Time approach to inventory and manufacturing, some launches may need to be cancelled outright,” she argues.
“As the pandemic impacts more supply chains, what happened when products, parts, resources run out? Will all the business depending on them experience disruption? The long-term impact is greater than the economy of China or the region. We’re living in an interconnected business economy, and Covid-19 could impact the global economy.”
The future: diversify
In the meantime, the best thing organisations can do to mitigate the risks posed by the next Covid-19 is to revise and update business impact analyses (BIAs), according to Forrester. This should include four main steps:
- Classify business processes according to criticality
- Improve supply chain resilience by diversifying with multiple suppliers and geographies
- Identify which customers should receive priority treatment
- Provide extra resources and enhance automation to take the strain off your reduced workforce
The analyst warned that climate change will make pandemics like this more common in the future. As the tech industry picks up the pieces once Covid-19 has blown over, the lasting impact may be an acceleration of a trend already begun thanks to the US trade war. Namely, moving tech production out of China.
The news coming out of the latest G20 summit in Japan has been largely focused, just as Donald Trump likes it, on his trade war with China. But has the self-styled Dealmaker-in-Chief made a tactical error by appearing to relax punitive rules imposed on one of the Middle Kingdom’s leading tech firms, Huawei?
While the details are still to be hammered out, the announcement would appear to be good news for US tech firms, in the short term at least. But it will only serve to buy Chinese firms more time as the country accelerates towards tech self-sufficiency, while failing to resolve the question of who builds America’s 5G networks.
A good day for Huawei
Trump’s announcement over the weekend came after he and Chinese President Xi Jinping met at the meeting of world leaders in Osaka. The two agreed to resume trade talks, halting the imminent imposition of tariffs on a further $300bn of Chinese imports to America as well as relaxing rules preventing US firms from selling components to Huawei. The latter agreement effectively reverses a decision made last month to stick Huawei and 70 subsidiaries on an “entity list”, although even this had been subject to a subsequent 90-day delay. That decision was touted as one made on national security concerns about the Shenzhen-based network equipment and smartphone manufacturer, although Beijing officials have claimed it was more aimed at constraining the global rise of China’s tech giants.
National Economic Council chairman Larry Kudlow subsequently clarified that these US national security concerns “are still paramount”, and that the new agreement did not amount to a “general amnesty”. Instead, it will only “grant some additional licenses where there is a general availability” of the parts needed by Huawei. These include key processors and software produced by US firms. Huawei was hit for six by the US Commerce Department order in May, which imperilled the supply of key smartphone kit from Qualcomm as well as Intel server and laptop chips, Xilinx and Broadcom networking kit and even Google Android support.
Kicking the 5G can
US technology firms will certainly be happy with the G20 decision. Losing one of their biggest Asia clients – one of the world’s top three smartphone producers – would have been a major financial blow. But it does nothing to address the other key China initiative taken by the Trump administration in late May: declaring a national emergency preventing the supply of IT services and equipment from firms (like Huawei and ZTE) considered under the direction of foreign adversaries.
There is therefore still a huge question mark over how the US competes with China more broadly when the only viable supplier of 5G networks at present is Huawei. Its kit is said to be cheaper and as much as a year more advanced than rivals like Nokia and Ericsson. Washington’s decision to block on national security grounds threatens to stall progress in IoT and smart cities, autonomous vehicles and other sectors which are waiting for 5G to accelerate to the next level of development. More important still, there may be significant military advances being held up by these 5G delays.
Former Pentagon official and visiting fellow at The Heritage Foundation, Steve Bucci, is optimistic that homegrown solutions can be found.
“Trump’s comments do not lift these [5G] restrictions, which is spot on. We cannot lift them safely,” he told me by email. “The answer is to challenge US companies to pick up the baton. They can do it technologically, and just need a little assurance their investments will not be in vain. Additionally, it would probably give our allies and friends a few more options.”
An uncertain future
Yet given the hundreds of billions Huawei and China have spent in gaining an advantage in 5G, it’s unlikely at present that US firms can catch up. That could mean long-term decline for its telecoms sector and missing out on a huge economic dividend.
“The leader of 5G stands to gain hundreds of billions of dollars in revenue over the next decade, with widespread job creation across the wireless technology sector,” a Pentagon report warned in April. “The country that owns 5G will own many innovations and set the standards for the rest of the world. That country is currently not likely to be the United States.”
In the meantime, the Trump administration’s initial decision to put Huawei on a trade blacklist will only have strengthened Xi Jinping’s arguments at home that China is still too reliant on the US for key technology components.
Roslyn Layton, co-creator of ChinaTechThreat.com, member of the Trump Transition Team for FCC, argued via email that “Huawei is in a death spiral”.
“If Huawei doesn’t have access to the essential patents from Qualcomm, Huawei is out of business. Huawei can’t make 5G equipment without these patents,” she added.
This may be true. But you can be sure that it and more generally the Chinese state will be working hard to become self-sufficient in these components. Deals like the G20 one simply buy them more time. The long-term picture for US tech suppliers with major markets in China and the many thousands of businesses waiting for 5G networks is far from rosy.
In today’s globalised business world, what happens in Shenzhen or Singapore may be just as important as trends closer to home. To that end, I recently offered IDG Connect the following round-up of the past year in APAC, and a few notes on what we can expect from the months ahead. As Apple’s dire performance in China has shown, Asia increasingly matters to Western tech firms, their customers, shareholders and partners:
Asia’s technology market had more global exposure in 2018 than in many recent years. There’s just one problem: most of it was negative. President Trump has begun a de facto trade war with China which has now morphed into a full-fledged stand-off on several fronts, with cyber-espionage and perceived unfair Chinese trading practices at the heart of US grievances. As we head into 2019 expect tensions to increase, with other south-east Asian nations potentially benefitting as US firms pull their supply chain operations from the Middle Kingdom.
It could be an extremely nervy time for Silicon Valley CEOs.
The trade war continues
The tit-for-tat trade war started in 2018 might have so far steered largely clear of tech goods, although some firms have begun to warn of an impact on profits. But the industry has certainly been at the heart of the stand-off between the world’s superpowers. In January a deal between Huawei and AT&T to sell the former’s smartphones in the US collapsed after pressure from lawmakers worried about unspecified security concerns. Then came a seven-year ban on US firms selling to ZTE — the result of the Chinese telco breaking sanctions by selling to Iran, and then lying to cover its tracks. Although part of the ban was subsequently lifted temporarily, it highlighted to many in the Chinese government what president Xi Jinping had been saying for some time: the country needs to become self-sufficient in technology. It was reinforced when Huawei became the subject of a similar investigation.
This is about America, and Trump in particular, fighting back against what it sees as years of unfair trading practices by China. The argument goes that the Asian giant has been engaged in cyber-espionage on an epic scale to catch up technologically with the West, and unfairly forces IP transfers on foreign firms as the price for access to its huge domestic market. Thus, the coming year will see a ratcheting up of tensions. China on the one side will look to increase its espionage in areas like mobile phone processors to accelerate plans to become self-sufficient. And the US will continue to find ways to crack down on Chinese firms looking to access its market — probably citing national security concerns. There are even reports that the US has considered a total ban on Chinese students coming to the country over espionage concerns.
“Technology CEOs the world over with supply chain dependencies in China — so probably all of them — should be increasingly nervous and focused on their firms’ efforts to have viable contingency plans for a US-China technology cold war,” wrote China-watcher Bill Bishop in his Sinocism newsletter. That could spell good news for other ASEAN nations like Vietnam, where Samsung has made a major investment in facilities — although few countries in the region boast the infrastructure links and volume of skilled workers China does.
Cybersecurity takes centre stage
As mentioned, cybersecurity and online threats are at the heart of the Sino-US stand-off. The stakes got even higher after a blockbuster report from Bloomberg Businessweek which claimed Chinese intelligence officers had implanted spy chips on motherboards heading for a US server maker. Although the claims have been denied by Apple, Amazon and the server maker in question, Supermicro, they will confirm what many have feared about supply chain risk for a long time and accelerate efforts in 2019 to move facilities out of China. Further fanning the flames is a US indictment alleging Chinese spies worked with insiders including the head of IT security at a French aerospace company’s China plant to steal IP.
In a move likely to enrage China, the US also recently arrested and charged a Ministry of State Security (MSS) operative with conspiracy to steal aviation trade secrets. A major backlash is likely to come from Beijing. But more could also come from Washington after a combative congressional report from the US-China Economic and Security Review Commission called for a clampdown on supply chain risk and warned of China’s efforts to dominate 5G infrastructure and IoT production.
Aside from state-sponsored attackers, there’s a growing threat from Chinese cyber-criminals, according to one security vendor. Western firms suffer millions of attacks per year from financially motivated Chinese hackers, according to IntSights. Expect that to increase in the future as the state encourages criminals to focus their efforts outside the country, or even to team up with hacking groups at arm’s length. Also expect the country’s Cybersecurity Law to have a growing impact on how Western firms do business there. Ostensibly meant to vet such firms for interference by the NSA and CIA, the law could also serve as a pretext for Chinese officials to access sensitive IP and source code belonging to Western firms operating in China.
For other countries in the region, improving cybersecurity is vital to their efforts to attract more foreign IT investment and nurture start-up friendly environments. Although there are pockets of good practice, APAC is thought to be among the least mature regions worldwide. AT Kearney has called on ASEAN nations to increase cybersecurity spending to around $170 billion, warning that they are in danger of losing $750 billion in market capitalisation otherwise.
The threat from Chinese spies and local hackers is compounded by the growing danger posed by North Korea. Its state-sponsored hackers are acting with increasing impunity. FireEye recently identified a new group, APT38, which was responsible for the attacks on Bangladesh Bank and other financially motivated raids. Expect more attacks aimed at raising funds for the regime, as well as destructive campaigns and politically motivated information theft.
Taking a lead
On a more positive note, APAC is increasingly seen as a leader in emerging digital technologies: led by the two regional giants of India and China but also mature nations like Singapore, Taiwan, Hong Kong and South Korea. Microsoft believes that digital transformation will inject over $1 trillion to APAC GDP by 2021, with artificial intelligence (AI) a key catalyst for growth.
AI continues to be major focus for the region. Singapore is a leader in AI thanks to heavy government investment in schemes such as AI Singapore (AISG) and its AI Speech Lab, while government-owned investment company SGInnovate has recently unveiled its Deep Tech Nexus strategy. India is also is also poised to become “one of the most active centres of expertise in AI” according to experts, thanks to government backing.
Asia is leading the way on smart city projects. Investment in initiatives was set to reach $28.3 billion in 2018 in APAC (ex Japan), and is forecast to reach $45.3 billion in 2021 — partly out of necessity. The region’s cities are forecast to add another one billion citizens by 2040, which will require up to 65% of the UN’s Sustainable Development Goal targets to be met.
India’s Modi government has led the way with an ambitious plan to transform 100 cities, although 2019 will be a crucial year, given that recent reports claim 72% of these projects are still only at the planning stage. Many more examples are springing up all over the ASEAN region, however, from flood awareness programmes in Danang to a free public Wi-Fi and CCTV camera network in Phuket. IDC celebrates some of the best examples each year, showing the breadth of innovation in the region.
However, governments will need to do better in 2019 to tackle major barriers to digital transformation identified by the UN. These include excessively top-down approaches; security, privacy, and accountability problems; and digital exclusion. It claimed just 43% of APAC residents were internet users in 2016. There’s plenty of work for governments and the private sector to do next year.
Here’s a version of a piece I wrote for IDG Connect recently about the escalating tech trade war between the US and China. While Trump is blowing hot and cold on what to do with ZTE, an even bigger potential problem is looming.
A full-on trade war between the United States and China just got another step closer after Washington opened an investigation into whether Huawei broke US sanctions on Iran. The Department of Justice (DoJ) has already slapped tariffs on $60bn worth of Chinese steel and aluminium, but this turn of events could have arguably more serious repercussions.
On the one hand it could cause panic in US tech boardrooms if China ends up banning sales of electronics components made in the Middle Kingdom. But in the longer term, this could accelerate China’s push towards self-sufficiency, locking out US firms like Qualcomm for good.
A seven-year ban?
The Justice Department investigation is said to have stemmed from a similar probe into whether Shenzhen rival ZTE broke US sanctions by exporting kit with American components in it to Iran. It was found guilty not only of breaking the sanctions, which resulted in an $892m fine, but of breaking the deal’s terms by failing to punish those involved. The resulting seven-year ban on US firms selling to ZTE will severely hamper its growth efforts, especially as it relies on chips and other components from the likes of Qualcomm and Micron Technology.
The probe of Huawei, which is said to have been ongoing since early 2017, could result in a similar punishment if the firm is found guilty of breaking sanctions. Washington has belatedly realised that the US is being supplanted by China as the world’s pre-eminent tech superpower and that has meant increasing roadblocks put in the way of the number one telecoms equipment maker and third-largest smartphone maker in the world. National security concerns have been used to keep Huawei down, first in 2012 when it and ZTE were de facto banned from the US telecoms infrastructure market after a damning congressional report, and more recently when AT&T and Verizon were lent on to drop plans to sell the latest Huawei smartphones, and Best Buy stopped selling its devices.
Like ZTE, Huawei could be severely restricted if it is hit with a US components ban. But is Washington shooting itself in the foot with this heavy-handed approach?
A global problem
First, China and its new leader-for-life Xi Jinping is more than ready and willing to fight back against what it sees as unfair trade practices by the Trump administration. It has already fired back with retaliatory tariffs on US food imports and will do so again if a mooted additional $100bn in tariffs from the US goes through. By the same rationale, could China respond to orders banning sales of US components, by banning the sale of China-made components to US tech firms?
Potentially, believes China-watcher Bill Bishop.
“The US-China technology war may run much hotter than the overall conflict over trade. Xi continues to make clear that China can no longer rely on foreign technology and must go all out to end its reliance on it,” he wrote in his popular Sinocism newsletter. “Technology CEOs the world over with supply chain dependencies in China — so probably all of them — should be increasingly nervous and focused on their firms’ efforts to have viable contingency plans for a US-China technology cold war.”
Beijing-based Forrester principal analyst, Charlie Dai, told me the potential for disruption to US supply chains could be “significant”.
“It’s hard to find effective contingency plans and the only way is to have everyone, especially the US government, to realise the importance of collaboration,” he added.
“In a world where the global supply chain and value ecosystem have already become critical drivers for the business growth of large countries like US and China, any further action like ZTE’s case will hurt the economic relationship between the US and China, which is the last thing that companies and customers want to see.”
In the longer term, this could be the reminder Beijing needs that it must become self-reliant in technology to achieve its “rightful” place at the global number one superpower. This has been a goal of Xi’s for years. In fact, that’s what the controversial Made in China 2025 initiative is all about – reducing reliance on foreign suppliers.
“Heavy dependence on imported core technology is like building our house on top of someone else’s walls: no matter how big and how beautiful it is, it won’t remain standing during a storm,” Xi said as far back as 2016. The Chinese government has already set up a fund which aims to raise up to 200 billion yuan ($31.7bn) to back a range of domestic firms including processor designers and equipment makers. But although chips are the number one target, China’s efforts to become self-sufficient in tech expand to other spheres. It has long been trying to nurture a home-grown rival to Windows, although efforts so far have not been hugely successful.
It’s not just Chinese firms the US must be wary of, according to James Lewis, SVP at the Center for Strategic and International Studies.
“The seven-year ban on US components will only encourage foreign suppliers to rush into the space vacated by US companies,” he said of the ZTE case. “It will reinforce the Chinese government’s desire to replace US suppliers with Chinese companies. And it will lead others to begin to make things they did not make before, causing permanent harm to the market share of US companies.”
One final word of warning to US tech CEOs: if China is looking to close the gap on technology capabilities, be prepared for a new deluge of cyber-espionage attempts focused on stealing IP. Innovation may be the first of Xi’s “five major concepts of development”, but that hasn’t stopped the nation pilfering in epic quantities in the past to gain parity with the West.
“It’s impossible for most countries, if not all, to be self-sufficient in all tech components,” claimed Forrester’s Dai. “One chip relates to many different hardware and software components. It requires continuous investments which are hard to realise in the short-term.”
That may be so, but bet against China at your peril. If any country has the resources and now the determination to do it, it’s the Middle Kingdom.
Nation state cyber attacks have never had a higher profile. The sheer volume and sophistication of threat activity today means reporting of incidents has flooded the mainstream media over the past few years. In another post I’ll asked several experts how they characterise the current threat, and the implications of the thorny attribution problem.
But that leaves us with a difficult question to answer: what happens next? Are we headed towards inevitable cyber-conflict?
Not according to former GCHQ deputy director of cyber, Brian Lord.
“It is highly unlikely for a fair time yet that cyber will be the only domain in which a full-blown conflict will occur, and for the foreseeable future will be complementary to traditional warfare not instead of,” argued Lord, now MD of cyber at PGIO. “But the road to conflict will have a very heavy cyber-dimension.”
Could the establishing of cyber-norms help prevent a major conflict in the future? Experts were sanguine about the prospect. Lord claimed the journey to such an end would be “very slow”.
“The abilities of international (and indeed national) legislation and treaties to keep pace with the speed of technological risks challenges (and opportunities) is, in todays’ world sadly lacking and those who want to sidestep outdated rules can easily find a way to do so,” he told me by email.
FireEye senior analyst, Fred Plant, claimed countries are already negotiating cyber-related issues on one-on-one, which could form the basis for wider agreements.
“However, ‘cyber-norms’ are still ultimately rooted in what states determine to be acceptable behavior among other states, and this can differ greatly from one country to another. Cyber-espionage activity against dissidents, for example, can be considered a natural extension of long-standing norms in many authoritarian states whereas Western countries consider such operations to be highly controversial and intertwined with domestic surveillance,” he added. “Serious incidents can occur when these disagreements collide. Conversely, escalations can also occur when rogue countries are already regularly violating international norms, as North Korea-sponsored actors have demonstrated.”
For SecureData head of security strategy, Charl van der Walt, the world’s superpowers are already “preparing the battlefield” via a “cyber-land grab” which involves compromising key machines, probing CNI for weaknesses and compromising supply chains whilst removing risk from their own. The effect of this is to slowly balkanise cyber-space, as smaller nations ally themselves with one side of the other and the world sinks into a protracted Cyber-Cold War, he claimed.
“Day by day, it seems as if the ‘global’ internet is slowly splintering along geopolitical lines. While this ‘cyber-balkanisation’ may have many fronts, it’s perhaps seen most clearly in the recently renewed focus by the US government on integrity in its supply chain, blocking foreign tech providers from competing for contracts in strategically important sectors. Foreign providers in this complex chain of inter-dependencies have been caught in the crossfire as collateral damage,” he told me.
“As we can expect that all cyber super powers are engaging in this activity this presents smaller or developing nation-states with a challenge. As recent history and basic logic clearly shows, for a nation-state that does not have the skill, finance or other resources required to secure and control the hardware and software it uses all the way from the up, it is effectively impossible to protect itself from the offensive operations of more capable nations. So the smaller nation is thus forced to choose the lesser of the evils: aligning itself with the cyber super power it distrusts the least and accepting that it can no longer engage the others for fear of being compromised.”
In the meantime, it’s likely that the escalation of nation state offensive activity will trickle down into the cybercrime underground – as evidenced most clearly in the NSA exploits used to spread WannaCry ransomware in 2017. For van der Walt, “government investment into offensive cyber capabilities is like air being blown into a balloon.”
“Everything offensive is getting bigger and badder and governments are producing an entire new generation of ‘cyber warriors’ with training, skills, experience and exposure that has never been seen before,” he concluded. “Eventually these people will leave military service (like all soldiers eventually do) and find their way into the civilian landscape in one form or another. Many will undoubtedly end up somewhere else in the Cyber Military Complex, but the rest of the world (including crime) will no doubt also be impacted by their experiences.”
The US and China have rarely seen eye-to-eye. But with years of appeasement getting it nowhere fast, the US is now not only talking tough on trade with its biggest rival but also taking steps to harm the business interests of Chinese firms. Here’s my latest for IDG Connect:
This month a deal between Huawei and AT&T to sell its smartphones in the US collapsed after pressure from senators worried about unspecified security concerns. It was a major blow to the world’s third largest device maker and could result in tit-for-tat retaliation by Beijing. In China, Apple announced it would be handing over management of iCloud services to a local government-owned partner — in order to comply with Chinese laws created as a result of escalating tensions and protect its revenue stream in the Middle Kingdom.
These two tech giants are at the center of what could well become a major trade dispute between the world’s pre-eminent superpowers. If it continues to escalate, it could spell disastrous news, not just for IT buyers, but the global economy.
A long time coming
It’s a battle that’s been brewing for years. On the one side, US firms — and technology players in particular — are desperate to access China’s vast market of over one billion internet users. To do so, they’ve been prepared to put up with strict Chinese laws which demand partnering with domestic firms, and technology transfers which can expose IP to the local partner. Along with out-and-out IP theft in the form of cyber espionage — carried out with the blessing or perhaps even backing of the government — this has helped Chinese firms catch up fast in the technology stakes over the past few decades. Censorship of various US platforms — think Twitter, Facebook and Google — also helped to provide a useful vacuum for local players to thrive.
China’s new Cybersecurity Law (CSL) may overlap with GDPR, but could still deliver the opposite effect from the intended one. How will China’s GDPR-like Cybersecurity Law impact business?
Now the US is hitting back. The first big move came when lawmakers effectively banned Huawei and ZTE from touting for telecoms infrastructure contracts in the US, citing national security concerns. Then came the NSA leaks and revelations from the portable USB drives of Edward Snowden, describing how US intelligence had been spying on China for years by intercepting and bugging US-made Cisco routers. That was all Beijing needed to escalate its own policy of prioritising homegrown products and putting yet more roadblocks in the way of US firms.
Huawei rival Cisco was hardest hit, seeing its China market share reportedly plummet over 30%. But some reports suggest that the number of government-approved foreign tech firms in China fell by a third between 2012 and 2014, while those with security-related products fell by two-thirds.
Microsoft has also been singled out, with Windows 8 banned for government use, while Qualcomm was hit with an anti-trust fine of nearly $1bn. Then China introduced a rigorous new Cybersecurity Lawwhich — although seemingly designed to improve baseline security for local organizations — could also provide a legal basis for forcing US firms to hand over source code during national security ‘spot checks’.
This law is the reason Apple has been forced to transfer local iCloud operations to partner Guizhou on the Cloud Big Data (GCBD). It claims to have “strong data privacy and security protections in place” and says that “no backdoors will be created into any of our systems”. But experts are sceptical. Threat intelligence firm Recorded Future previously claimed that the law could give the government “access to vulnerabilities in foreign technologies that they could then exploit in their own intelligence operations.”
That’s not all. By handing over local control of iCloud accounts to a Chinese partner, Apple may be putting at risk the privacy and security of employees of US firms operating in China.
“This latest move by Apple to essentially cede control and operation of its cloud services in China to the Chinese government is part of a larger and disturbing trend by Western technology companies to limit user privacy in exchange for continued access to the Chinese market,” Recorded Future director of strategic threat development, Priscilla Moriuchi, told me.
Hackers could have a head start on researching exploits that US firms have not yet caught wind of. Why does China spot security vulnerabilities quicker than the US?
“Per Apple’s security procedures, GCBD would have access to metadata about Chinese users’ iCloud documents, as well as complete access to any unencrypted @icloud email activity.”
While it’s not clear if this is the case for foreign firms operating in China, the vagueness of the CSL certainly makes it possible.
The big freeze
Now the speculation is that President Trump could escalate what is already a de facto tech Cold War by imposing unilateral sanctions on China in retaliation for claimed IP theft and forced tech transfers. So is a full-blown trade war looming?
China-watcher Bill Bishop is pessimistic of future US-Sino relations. In his popular Sinocism newsletter he had the following:
“I think the forced termination of the Huawei-AT&T deal significantly raises the likelihood that a major US consumer electronics firm with meaningful operations in China will be smacked down at the first sign of a real US-China trade war.
“Beijing assumes the US government is so paranoid about Huawei because it uses US firms to do what it says Beijing does with Huawei, and the Snowden revelations confirmed many of those suspicions. If anything, Beijing has been remarkably tolerant of some US consumer electronics firms given the treatment of Huawei and what we learned from the documents Snowden stole.”
Given the large percentage of US tech firms with manufacturing facilities in China, a trade war would have a catastrophic impact on global supply chains, making parts and products more expensive, reducing choice for IT buyers in the West and devastating parts of the US economy. If the revenue made by large multi-nationals in China were to dry up, jobs would be lost — not only in those firms but all their partners, suppliers and local economies.
Canalys analyst, Jordan De Leon explained just how reliant on foreign suppliers both Chinese and US organisations are.
“In the US Lenovo is the fourth-largest PC vendor and has a massive installed base. It also has key clients in its datacentre business in the US. Similarly, in China, Dell is number two and HP is number four in PCs,” he told me by email.
“In the event of a trade war, though unlikely, these three brands will be impacted. The extreme scenario is if there is legislation that is made to totally ban US-products in China and vice versa, which means businesses in those markets have to comply. China is also an important market for Apple, not to mention the fact that China is a vital manufacturing base for Apple.”
However, Forrester principal analyst, Andrew Bartels, believes strong opposition from big business could be enough to prevent Trump from creating such a scenario.
“A US-China tech war is more likely than US-China trade war, despite Trump’s periodic Tweets, because there are strong institutional forces built around supply chains that would cause big businesses to resist through legal and political action any imposition of trade barriers,” he told me by email.
“The US-China tech war is kind of in an uneasy truce, with the US government tacitly accepting that the Chinese government is favouring its own technology developments and vendors in China, and the Chinese government tacitly accepting that the US is going to put up barriers periodically to Chinese firms buying US companies.”
Ultimately, this dynamic should be enough to temper the policies even of a dogmatic populist like Trump. This is a numbers game, and China has the numbers — both in the size of its domestic market, and the $340bn+ surplus it’s running with the US. Acting tough with Beijing can be a dangerous game to play, and the tech industry is first in the firing line.
Donald Trump made some questionable remarks this week that have rightly caused an almighty backlash. But one thing he did that may have more support, is sign an executive memorandum which will most likely lead to a lengthy investigation into alleged widespread Chinese theft of US IP. This is a big deal in Silicon Valley and something that has irked US business in general for years.
The question is, will this latest strategy actually result in any concrete changes on the Chinese side? As you can see from this new IDG Connect piece, I’m not convinced.
Years of theft
There are few things Democrats and Republicans agree on, but one is that China has had things far too long its own way when it comes to trade. The US trade deficit between the countries grew to $310 billion last year, helped by the growing dominance of Chinese businesses. Many of these have been able to accelerate their growth and maturation thanks to IP either stolen by hackers from US counterparts or take via forced joint ventures and tech transfers. Many of them are selling back into the US or their huge domestic market, undercutting American rivals.
Chinese firms don’t have the same restrictions around forced JVs and tech transfers to enter the US market. In fact, the likes of Baidu even have Silicon Valley R&D centres where they’re able to recruit some of the brightest locals, while government-backed VC firms have been funding start-ups to continue the seemingly relentless one-way IP transfer.
There are, of course, more nuances to the dynamic, but you get the point.
So, will this investigation get us anywhere? After all, it will empower the President to take unilateral action including sanctions and trade embargoes. Well, on the one hand, little gain can be made from stopping Chinese IP hackers, as they have stopped outright theft ever since a landmark Obama-Xi deal in 2015, according to FireEye Chief Intelligence Strategist, Christopher Porter.
“If anything, discontinuing straightforward theft of intellectual property for strictly commercial purposes has freed up Chinese actors to focus more on these other targets than ever before, so the risk to companies before and after the Xi Agreement depends heavily on what industry that company is in and what sort of customer data they collect,” he told me via email.
That’s not to say the Chinese aren’t still active in cyberspace, but it’s less around IP theft, which is the focus of this investigation, Porter added.
“We have seen an increase in cyber threat activity that could be Chinese groups collecting competitive business intelligence on US firms selling their products and services globally—several companies that were targets of proposed M&A activity from would-be Chinese parent companies were also victims of Chinese cyber threat activity within the previous year, suggesting that they may have been targeted as part of the M&A process to give the Chinese company a leg-up in negotiations,” he explained.
Which leaves us with JVs and tech transfers, which have provided Chinese companies with vital “know-how” and “know-why” over the years. To my mind, if there’s any area where the US can and should focus its diplomatic and negotiating efforts, it’s here. However, as reports in the past have highlighted, it took China years to construct a gargantuan, highly sophisticated tech transfer apparatus, and it won’t be looking to bin that anytime soon, especially with the Party’s ambitious Made in China 2025 strategy now in full swing.
Neither side will want to become embroiled in a trade war. The US has too many companies which count China as a major market – it’s Apple’s largest outside the US, for example – and Chinese firms are doing very well selling into the US, as that huge trade deficit highlights.
In the end, my suspicion is that this is just another bit of Trump tough talk which will actually produce very little.
“This long-awaited intervention should also probably be viewed in the larger picture of the way the Trump administration operates: in terms of ‘carrot and stick diplomacy’,” Trend Micro European Cyber Security Strategist, Simon Edwards, told me.
“It is also well documented that the US administration is trying to use trade deals to get action on the situation in North Korea; and perhaps this is more of a stick to be used with the accompanying ‘carrot’ of a greater trade deals?”
Time will tell, but it’s unlikely that US tech companies operating in China, and their global customers, will be any better off after this latest test.
As the dust settles on Donald Trump’s extraordinary ascent to the White House, what do we know of his plans for cybersecurity? I’ve been speaking to a variety of experts for an upcoming Infosecurity Magazine feature and, believe it or not, the majority are not particularly optimistic of the future.
His official website, outlining the Trump ‘vision’ for cybersecurity, focuses on some easy wins:
- An immediate review of critical infrastructure and federal cyber “defences and vulnerabilities” by a Cyber Review Team comprised of members of the military, law enforcement and private sector
- The same team to establish “protocols and mandatory awareness training” for all federal employees
- DoJ to create Joint Task Forces to co-ordinate federal, state and local law enforcement cybersecurity responses
- Defence secretary to make recommendations on enhancing US Cyber Command
- Development of offensive cyber capabilities
Doug Henkin, litigation partner at Baker Botts, said the focus on awareness raising is a positive.
“This appears to be a good development for setting a positive tone to lead from above with respect to best practices for protecting against cybersecurity threats and is also essential for corporations seeking to ensure good cybersecurity preparedness,” he argued.
“It is essential to increase training as the new administration has recognised, while also remaining vigilant to how cyber attacks occur.”
That’s pretty much where the good news ends.
It might be too early to judge president-elect Trump on his cybersecurity credentials. But it must be remembered that, despite his bluster over ‘Crooked Hillary’ and her email blunder, his businesses were found to be a whole lot worse when it comes to security. Independent researcher Kevin Beaumont scanned publicly available records last month and found many of Trump organizations’ messaging servers are running the no-longer supported Windows Server 2003 and Internet Information Server (IIS) 6. He also found 2FA unsupported, meaning user accounts are vulnerable to password phishing or brute force attacks.
What’s more, as a briefing document from think tank the Information Technology and Innovation Foundation (ITIF) tells us, Trump has promised in the past to apply tariffs against China if it “fails to stop illegal activities” and to “adopt a zero tolerance policy on intellectual property theft.”
Given what we know about China, this is a dangerous game to play. Beijing will continue to pretend it is abiding by the agreement between presidents Obama and Xi to stop state-sponsored economic cybercrime. And that could lead to heavy reciprocal penalties on US tech firms in China, such as Apple. The state-backed Global Times has already warned China will adopt a tit-for-tat approach if Trump plays it tough.
Silicon Valley scares
Trump’s election is also a disaster for Silicon Valley. The former reality TV star has expressed support in the past for the FBI’s stance in trying to force Apple into building a backdoor to unlock the San Bernardino shooter’s phone. He even called for a ban on Apple products in response to the firm’s refusal to do so. We can therefore expect more pressure on them to undermine encryption, which would be a disaster for businesses and consumers everywhere, as well as the American tech firms themselves.
As if that weren’t enough, he’s also a big fan of the Patriot Act and will inherit a fearsome surveillance apparatus from Obama. The Democrat is already being blamed for failing to overhaul the huge encroachment on civil liberties enacted by the Bush administration. Writing in the Guardian, Freedom of the Press Foundation executive director, Trevor Timm, had this:
“What horrors are in store for us during the reign of President Trump is anyone’s guess, but he will have all the tools at his disposal to wreak havoc on our rights here at home and countless lives of those abroad. We should have seen this coming, and we should have put in place the safeguards to limit the damage.”
Let’s hope he surprises us all.
China’s head honcho when it comes to censorship recently stepped down. This being China, no-one seems to know whether he was effectively sacked, or asked to move to a new bigger and better role. But what we do know is that things aren’t going to get any better for those inside the Great Firewall.
Over the past three years, Lu Wei has been a constant thorn in the side of rights groups, diplomats and Silicon Valley bosses. His aggressive defence of China’s sovereign right to do with its internet what it sees fit – most notably at the laughably titled World Internet Conference in Wuzhen – has been jarring at times. The Cyberspace Administration of China (CAC) he headed up also runs root CA and .cn operator the Chinese Internet Network Information Center (CNNIC). As such, it was blamed by Google last year for issuing unauthorized TLS certificates for several of its domains, which were subsequently used in man-in-the-middle (MITM) attacks.
Even more damning, the CAC was accused of launching Man in the Middle attacks on Outlook users last year in response to its migration to HTTPS, which the authorities can’t monitor. And then it was pegged for a DDoS attack on anti-censorship organisation Greatfire.org – a constant thorn in the side of the authorities in Beijing.
I spoke to Greatfire.org co-founder Charlie Smith about the reasons for and implications of Lu’s departure.
“If it ain’t broke, don’t fix it, right? We probably just had the quietest anniversary of Tiananmen [Square massacre] yet, in terms of online dissent and discussion. There is more censorship in general. Less circumvention because of a crackdown on VPNs. And fewer foreign companies are trying to challenge the status quo,” he told me via email.
“We know controlling the medium is pretty near the top of [president] Xi Jinping’s agenda. So why make a change now? The timing likely indicates that this was a planned and not a rash decision. There was no need to unsettle things before the 4 June anniversary and the change happens well before the next ‘World’ Internet Conference in Wuzhen.”
Smith went on to argue that, even though Lu presided over an unprecedented crack down on internet freedom – primarily through a new regulation banning the spread of “rumours” online – he didn’t go far enough.
“Lu was not perfect. As we have shown, it is impossible to completely block all information for those inside China,” Smith continued. “Maybe in this regard, Lu was being blamed and Xi decided he wanted somebody who can get the job done. Maybe Xi was upset about being ‘vilified as a murder suspect’ and could not comprehend why Lu Wei was unable to scrub information from the Chinese internet.”
Lu’s removal, if that is what it was, may also have been an attempt by Xi at curbing his growing influence – after all, propaganda is at the heart of the Party’s power and everyone inside knows it. His replacement, Xu Lin, is a Xi Jinping acolyte and one time deputy secretary of Tibet’s Shigatse Prefecture who will certainly toe the presidential line.
As Smith put it, “if Xu Lin fails to quell ‘rumours and slander’ Xi does not have to second-guess whether or not Xu is doing everything within his power to stop these attacks.”
So what prospects for the future? Pretty grim if you’re inside China and are a fan of human rights and internet freedom.
Beijing was one of a few countries – Russia, India, Indonesia included – that voted against a non-binding resolution at the UN this week stating all individuals must be afforded the same rights online as offline and that the universal right to freedom of expression should be upheld online.
As Smith said, if Xu Lin “handles information control on the Chinese internet the same way the authorities handle information control in Tibet then the situation could even get worse.”
There is some hope for businesses and individuals which need to leap the Great Firewall.
The hope is that it will encourage greater use of VPNs and help developers improve their circumvention products, as well as provide a much needed additional source of revenue for Greatfire.
The concern is that if it gets popular enough, Beijing will do all it can to put it out of action.
News emerged a few days ago that Foxconn had effectively laid off 60,000 workers in China and replaced them with robots. “So what?” you might think. And to be honest, if it keeps the cost of our tech devices down, then good for Foxconn, right? Well, unfortunately it’s not that simple.
The changing dynamics of the Chinese labour market could have a profound effect on us here in the West, and even portend similar disruption to our own workforce in the not-too-distant future.
These stories have been doing the rounds for years because – well – contract manufacturers like Foxconn and others have been investing significant sums into robotics for years. Why? The answer’s pretty simple, according to IHS analyst, Alex West.
“Robots don’t need to stop working, but they don’t get drowsy, distracted or depressed either, so quality and consistency of manufacturing is enhanced. With the developments in AI and predictive analytics, robots are also far less likely to get ‘sick’, reducing downtime,” he told me.
To that I’d add that they don’t go on strike, commit suicide or complain to the papers about poor working conditions – all problems Foxconn for one has encountered. But robots can also add value in other ways, such as helping firms win business from their rivals, according to West.
“Robots are evolving, becoming more intelligent as AI solutions help them to ‘learn’ on the job, but also becoming far easier to program and integrate on production lines,” he continued. “Collaborative robots are also making robotic solutions safer and easier to install without the additional safety concerns and equipment.”
There’s clearly a drive for this in China, the tech manufacturing centre of the world. The Chinese government has made investment in robotics a priority in its 13th Five-Year Plan, with IHS forecasting a 30% CAGR. But this threatens to create social instability as human workers are shelved in favour of machines. Foxconn and others claim bots are only used for repetitive tasks that humans don’t want anyway. But there’s no guarantee that there are enough skilled roles to fill the gap.
“Dull, repetitive jobs on the plant floor will be replaced by a range of higher-skilled positions such as robot/systems integrators, programmers, and data scientists supporting enhanced AI,” argued West.
“However, there will be less of these more advanced roles, and some of the type that existing workers will not have the skillsets to be able to transition to.”
This might seem a long way from the UK. But our workforce is also facing a robot invasion – not from these industrial bots, but service robots like Softbanks’ Pizza Hut-serving Pepper. In fact, a Deloitte study has claimed that 35% of UK jobs have a high chance of being automated in the next decade or two.
Robots still only account for 0.3% of all machinery produced in China last year, according to West, so there’s still a long way to go. But it’s probably time to start getting nervous in the UK.