← Назад · ← На главную · ← Назад к списку

[EAI Commentary] Cyber Security and US-China Tech Hegemony Competition: The Complex Geopolitics of Its Evolution

Категория
Комментарии и аналитические записки
Дата публикации
5 июня 2020 г.
Связанные проекты
Будущий рост Китая и построение новой цивилизации Азиатско-Тихоокеанского региона
[EAI Special Series Commentary] Cyber Security and US-China Tech Hegemony Competition: The Complex Geopolitics of Its Evolution.pdf
[EAI Special Series Commentary] Cyber Security and US-China Tech Hegemony Competition: The Complex Geopolitics of Its Evolution.pdf

Editor's Note

Beginning with the trade dispute in 2018, the competition between the United States and China has gradually expanded beyond trade into the technology and energy sectors. To provide a perspective on the future of US-China relations, EAI published a special issue briefing series in July 2019 titled "The Future of US-China Competition: Dynamics of Four-Stage Competition." As a follow-up, EAI has planned a special commentary series, "US-China Competition and the Transformation of the Global Political and Economic Order," to analyze the current US-China competition in depth. The publication schedule is as follows:

1) Lee Seung-ju, Dynamics of the US-China Trade War: Expansion of Scope and the Counterattack of Interdependence (Published August 23)

2) Kim Sang-bae, Cyber Security and US-China Tech Hegemony Competition: The Complex Geopolitics of Its Evolution (Published August 27)

3) Shin Beom-sik, Energy Issues and US-China Strategic Competition (Scheduled for publication August 29)

As the second report in this series, we are publishing a commentary on the US-China tech hegemony war, authored by Professor Kim Sang-bae of Seoul National University. The US-China hegemony war is not just about trade friction but is also unfolding in cutting-edge technology sectors. Based on over 20 years of history of US-China conflict, Professor Kim Sang-bae of Seoul National University discusses the cyber security conflict that has emerged since 2018. The US targeting of Chinese network equipment, including the 'Huawei incident,' demonstrates that the US government considers China a "threat to technological hegemony." China, in turn, is escalating its conflict with the US government, which advocates "America First," by regulating overseas companies' internet services. In particular, at a time when the US-China trade war has extended to issues of national security and legal systems in the technology and cyber domains, the author suggests that a response using the 'complex geopolitics perspective' is necessary.


US-China Tech Hegemony Competition and the Complex Geopolitics of Cyber Security

Recently, the flames of US-China conflict have been spreading across the entire spectrum of US-China relations, not confined to a single domain. The US-China competition is akin to a hegemonic struggle for future power. A prime example of this is the tech hegemony competition between the two countries in the 'Fourth Industrial Revolution' sector, a leading sector. Historically, the trajectory of tech hegemony competition in the leading sector of each era has determined the victory or defeat of the hegemonic and challenger powers and has transformed the structure of the international order. Today's competition in the leading sector between the US and China carries similar significance. However, a distinguishing feature compared to previous cases is that the current competition is taking place in a networked environment mediated by cyberspace, and in this process, cyber security has emerged as a critical issue. Indeed, cyber security has become a legitimate agenda item in international politics since the early to mid-2010s.

Cyber security has now evolved beyond mere hacking aimed at system disruption or intellectual property theft into a complex issue of future hegemonic competition encompassing technology, industry, trade, data, politics, military affairs, legal systems, and international norms. Even seemingly minor security issues, when they increase in number and become interconnected with other issues, exhibit the typical characteristics of emerging security phenomena that create geopolitical crises on a macro level. Cyber attacks are no longer just the playthings of hackers or the means of resistance for terrorist groups. It is an open secret that state-level systematic support lies behind hacking attempts on other countries' critical infrastructure. Regulations on the import and export of IT security products that pose a threat to cyber security are imposed under the guise of national security, and the transnational flow of data is controlled. Internationally, cyber security serves as a justification for rallying allied forces and a pretext for advanced arms races.

As cyber security issues increasingly have the potential to cause inter-state conflicts, the tendency to view these issues through the lens of traditional geopolitics is also gaining traction. Indeed, cyber attacks are considered from the perspective of military strategy for warfare, and the acquisition of material and human resources to support them is emphasized. Actions to deter cyber attacks on a country's critical infrastructure, even through counter-attacks, are gaining momentum. Nevertheless, the world politics of cyber security have evolved into such complex dynamics that they cannot be understood by simply applying the perspectives of traditional geopolitics rooted in past realities. Based on this critical perspective, this paper proposes Complex Geopolitics as a new viewpoint that comprehensively considers various variables that transcend the boundaries of traditional geopolitics.

Evolution of US-China Cyber Security Conflict: From 'Chinese Hacker Threat Theory' to 'Chinese IT Security Product Threat Theory'

In the long term, the history of US-China conflict surrounding cyber security dates back over 20 years. In May 1999, after US forces mistakenly bombed the Chinese embassy in Yugoslavia, Chinese hackers retaliated with hacking attacks on US websites. In April 2001, after a Chinese fighter jet collided with a US reconnaissance plane and crashed off the coast of Hainan, China, Chinese hackers launched cyber attacks. At that time, the term 'US-China cyber war' was first used in the media. In 2003, the 'Welchia virus,' believed to be of Chinese origin, attacked the US government's computer network, temporarily suspending visa issuance services. In the same year, the 'Titan Rain attack,' which hacked into US military research institutes, NASA, and the World Bank, signaled the full-scale cyber confrontation between the US and China. In 2009, there was a large-scale attack by Chinese hackers on over 30 US IT companies, including Google, Adobe, and Cisco, known as the 'Aurora attack.' The 'Shady RAT' attack in 2011 involved Chinese hacking attacks on 72 organizations in the US, including government agencies, international organizations, corporations, and research institutes.

Attacks by Chinese hackers on US critical infrastructure prompted the Obama administration to consider military countermeasures in the 2010s. The so-called 'Chinese hacker threat theory' was one of the hot issues that heated up US-China relations in the early to mid-2010s. In 2013, a report by the US cybersecurity firm Mandiant exposed that Unit 61398, a Chinese hacker unit established in 1997, had been hacking into US corporations and public institutions to steal intellectual property. This led to the US Department of Justice indicting five officers from Unit 61398 in May 2014. Around this time, the Obama administration 'securitized' hacking into national critical infrastructure as a national security issue and elevated cyber security to a core component of national security strategy, advocating a logic of 'militarization' that included responding with missile launches if necessary. Ultimately, cyber security became an official agenda item at the US-China summit in June 2013.

Since the inauguration of the Trump administration in 2017, the US-China cyber conflict has unfolded in a more complex manner. Contrary to expectations, the US-China cyber confrontation has not escalated into military conflict but has instead become closely linked with industrial and trade issues. The Trump administration, under the banner of the so-called 'Chinese IT security product threat theory,' strengthened regulations on IT security products from Chinese companies. In particular, the US exerted pressure on Chinese companies gaining technological competitiveness in Fourth Industrial Revolution sectors such as 5G mobile communications. In fact, Chinese IT companies like Huawei (华为), ZTE (中兴通讯), China Mobile (中国移动), DJI (大疆创新), Hikvision (海康威视), and JHICC (福建晉華) faced various obstacles in their attempts to enter the US market. These issues, disguised as technological competition and trade friction, became more complex by intertwining with issues of cyber security and data sovereignty. This situation was reminiscent of the US-Japan hegemonic competition of the 1990s in the dual-use technology sector, which has significant national security implications.

The Huawei Incident and China's '5G Technology Rise': US Containment

The most critical issue in the US-China cyber security conflict has been the controversy surrounding Huawei, a Chinese telecommunications equipment manufacturer. While there had been conflicts between the US government and Huawei before, they began to escalate to the point of being understood in the context of US-China technological hegemony competition when US intelligence agencies, including the CIA, FBI, and NSA, issued warnings against using Huawei products in February 2018. In August 2018, the US passed the National Defense Authorization Act, prohibiting the use of Chinese network equipment in US public institutions. In December 2018, Meng Wanzhou, Huawei's Chief Financial Officer and daughter of the founder, was arrested on charges of violating sanctions against Iran, bringing the US-China conflict over Huawei equipment adoption to a climax.

In the process of this cyber security controversy, known as the 'Huawei incident,' Huawei's network equipment, a leader in 5G mobile communication technology, became the target. The argument was that Huawei equipment could leak information that could significantly impact US national security through 'backdoors,' and therefore, not only US government agencies but also private companies should refrain from adopting it. The emphasis was placed on the fact that the danger of Huawei equipment in the hyper-connected society of the Fourth Industrial Revolution era was not merely a technological issue but a matter of national security. During this process, the claim that Huawei backdoors posed a real security threat and the argument that this was merely a threat constructed by the US through the process of securitization clashed fiercely.

While the US government's claims that adopting Chinese network equipment could pose a security threat may be valid, especially given Huawei's growth with Chinese government support and its lack of transparency, the issue becomes more complex because the US government has not presented objective evidence of security threats. Nor has Huawei presented clear evidence that its equipment does not pose a security threat. Huawei's stance has been that there have been no security issues with its equipment so far, and if any problems arise, it would shut down the company. It was like an argument over a 'black box,' asking whom to believe.

Regardless of whether Huawei's telecommunications equipment poses an actual threat to US national security, it is clear that the technological pursuit of Chinese companies, represented by Huawei, threatens US technological hegemony in the 5G era. Huawei's products are not only price-competitive but also boast world-class technological capabilities, holding a 28% market share in the global mobile communication equipment market as of 2018, making it the world's largest. This suggests that strong US concerns about China's '5G technology rise' are behind the Huawei incident. In particular, the US dissatisfaction stems from China's growth through practices such as stealing technological secrets or forcing technology transfers. The US government's complaints about China's government-led policies, such as 'Made in China 2025,' can be understood in a similar context.

US Cyber Alliance Diplomacy and Its Cracks

By early 2019, the US government's wrangling with Huawei began to expand its front internationally. In late 2018, the Trump administration urged its key intelligence allies, represented by the 'Five Eyes,' to join the Huawei boycott. It pursued a hardline approach, seemingly aiming to completely eliminate Huawei equipment from the international market. In response, Australia, New Zealand, and the United Kingdom showed moves to exclude Huawei from their 5G supply chains by the end of 2018. Canada, despite its conflict with China, arrested Meng Wanzhou at the US's request, and Japan also decided to exclude Huawei from government procurement bids.

However, in late February 2019, key US allies, who had appeared to join the US pressure to avoid Huawei equipment, began to show signs of deviating from the international cooperation front. The UK's National Cyber Security Centre (NCSC) concluded that the security risks of Huawei equipment could be mitigated, and Germany also stated that it had no plans to exclude Huawei equipment. New Zealand, which had excluded Huawei in 2018 at the US's request, saw its Prime Minister hint at a possible change in stance. France also stated that it would not boycott specific companies.

These countries' withdrawal was influenced not only by the practical burden of building 5G networks without Huawei, a leading company in the 5G sector, but also by resentment towards the US's attempt to unduly 'rally its side' in the US-China competition under the banner of 'America First.' Facing a situation that could lead to a breakdown, President Trump, on February 21, 2019, tweeted, "I want competition to win in the US, not to block out advanced technology," showing a slight softening of his hardline stance. This was seen by many as a de facto collapse of the US's anti-Huawei front.

However, the Huawei incident entered a new phase on May 14, 2019, with President Trump's executive order. US authorities placed Huawei on the Entity List, citing national security threats, and demanded that major private IT companies cease business with it. The Trump administration granted a 180-day grace period for these sanctions to minimize the damage to US companies doing business with Huawei, but measures to tighten the noose on Huawei are expected to continue. Indeed, major companies such as Google, Microsoft, Intel, Qualcomm, Broadcom, Micron, and ARM have suspended product supply contracts and terminated technology agreements with Huawei.

From 5G Mobile Communications to Drones and CCTV?

The recent developments suggest that the issue is expanding beyond the security concerns of Huawei equipment related to the commercialization of private 5G mobile communications to other technological and industrial sectors with more military and political implications. Entering the second half of 2019, the US, following Huawei, has once again brought up sanctions against the civilian drone manufacturer DJI and the CCTV manufacturer Hikvision. Looking back, DJI faced sanctions discussions in September 2018 over allegations of infringing US patents, and Hikvision had raised concerns about its market entry in the US by US authorities in November 2017.

On May 20, 2019, the US Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) revealed that Chinese drones transmit sensitive flight information to China, which the Chinese government can access. CISA warned this as a 'potential threat' to information held by government agencies. Although CISA did not name specific drones, it was effectively referring to China's DJI. In response, DJI immediately retorted, "Our technology is safe," but CISA advised its consumers to exercise caution when purchasing Chinese drones and to separate their internet equipment. This action was reminiscent of the technological security disputes raised regarding Huawei's backdoors.

Meanwhile, on May 22, 2019, reports indicated that the US government was considering placing China's CCTV manufacturer Hikvision on the Commerce Department's export control list. Hikvision is not only a global leader in CCTV manufacturing technology but is also renowned for its facial recognition and other identification technologies that analyze human behavior and physical characteristics to identify specific individuals. The Chinese government actively uses these technologies as surveillance tools to control ethnic minorities and dissidents. The pressure on Hikvision for CCTV has been interpreted not only as the US containing China's technological rise and criticizing the collusion between the Chinese government and IT companies but also as targeting China's human rights issues on the 30th anniversary of the Tiananmen Square incident.

Data Sovereignty and International Norms in Cyberspace

The US-China cyber conflict, as examined above, is also intertwined with interests in data security. Since the Edward Snowden incident in 2013, personal information protection and data security have become issues of US-China national security. Concerns about data leakage by US multinational corporations led to China's Cybersecurity Law. This law requires foreign companies handling personal information collected in China to maintain data servers within China and to undergo security assessments by Chinese public security authorities if they wish to transfer data abroad for business reasons. This was interpreted as an attempt to censor and control foreign companies' services in China and to prohibit the transfer of data containing personal information abroad under the guise of data sovereignty. Although the law was fully implemented starting in 2018, its enforcement was postponed to early 2019 due to opposition from foreign companies.

Indeed, based on this law, the Chinese government has regulated internet services of foreign companies such as Google, Facebook, YouTube, Instagram, and WhatsApp. On July 31, 2017, Apple had to remove about 60 applications related to Virtual Private Networks (VPNs) that bypassed internet censorship systems from the Chinese App Store. Amazon Web Services (AWS) also sold its Chinese business assets in November 2017. In early 2018, Microsoft and Amazon moved their data to data centers in Beijing and Ningxia, respectively. Furthermore, immediately after the implementation of the Cybersecurity Law, Apple had to transfer all personal information and management rights of its Chinese users to the local government of Guizhou province, China, and in February 2018, it announced plans to build a second data center in the Inner Mongolia Autonomous Region of China.

If China's actions reflect the differences in US and Chinese policies and ideologies regarding the internet, then the "World Internet Conference" (World Internet Conference), held in Wuzhen, Zhejiang Province, from 2014 to its fifth iteration in 2018, serves as an example showcasing the differing stances of the two countries on the formation of international norms in cyberspace. China's hosting of the World Internet Conference is intended to counter the US-led initiative in global internet governance. From its inception, the World Internet Conference has been positioned as a counterpoint to the Western bloc's initiatives, represented by the 'Internet Governance Forum.' Particularly after the Snowden incident in 2013, China sought to check the US's leadership in global internet governance and to rally non-Western international blocs led by China. This was a challenging move based on the perception that China's cyber sovereignty would be constrained under the current US-led system.

Behind this stance lies not only the nature of China's domestic system but also China's vision for the future order of cyberspace. This vision aligns with the political vision of the World Internet Conference, which seeks to establish an independent jurisdiction in cyberspace in opposition to the Western bloc. China's underlying intention is likely to build a new order centered around China, rather than simply being incorporated into the US-led system. In the process of establishing the future order of cyberspace, it likely aims to use the 'Chinese Dream' as a blueprint, replacing the 'American Dream.' This process may well be an attempt to recreate the glorious Chinese world order (天下秩序) of the past in the digital age.

Korea in the Context of US-China Complex Geopolitical Competition?

From the perspective of complex geopolitics, the US-China cyber security conflict is evolving across various domains. The most prominent aspect is the geopolitical competition waged under the guise of technological hegemony. This is not only evident in cyber security controversies like the Huawei incident but also shows signs of intertwining with political and military security issues related to other dual-use technologies. On the surface, this conflict manifests as trade friction between the two countries stemming from a decline in US technological competitiveness, and the accompanying friction in protectionist laws and regulations. Furthermore, at the forefront of these complex US-China cyber conflicts is the competition in security discourse, where both countries 'securitize' advanced technology issues as national security matters. Through this security discourse competition, both the US and China are vying to rally their allies and establish international norms in cyberspace favorable to themselves.

How should South Korea respond to this US-China competition, which is unfolding on a complex geopolitical stage? As seen in the recent controversy surrounding a domestic company's adoption of Huawei equipment, the US-China cyber security conflict has the potential to emerge not merely as an issue of technology and industry but as a matter of security and politics. There is a risk that the US-China technological hegemony competition could create a geopolitical crisis for South Korea caught in the middle. In other words, the US-China cyber competition may force South Korea to make more complex geopolitical choices, including traditional alliance and diplomatic considerations, rather than simple technological choices. In conclusion, it is a critical time when wisdom is urgently needed to properly read the evolution of the US-China technological hegemony competition from the perspective of complex geopolitics and to devise appropriate countermeasures. ■

■ Author: Kim Sang-bae, Professor, Department of Political Science and International Relations, Seoul National University. He graduated from the Department of Diplomacy at Seoul National University and obtained a Ph.D. in Political Science from Indiana University. His main research areas include information, communication, and networks in international relations. His major works include "Virtual Shields and Net Defenses: The World Politics of Cyber Security and Korea" (2018), "Arachne's International Politics: The Challenge of Networked World Politics Theory" (2014), "Information Revolution and Power Transformation: A Networked Political Science Perspective" (2010), and "Standard Competition in the Information Age: Wintelism and Japan's Computer Industry" (2007).

■ Managed and Edited by: Kim Se-young, EAI Research Fellow

Inquiries: 02 2277 1683 (ext. 208) I sykim@eai.or.kr


[EAI Commentary] is a commentary series designed to provide a platform for experts from various fields to offer in-depth analyses and policy recommendations on major domestic and international issues. Please cite the source when quoting. EAI is an independent research institution independent of any partisan interests. The claims and opinions expressed in reports, journals, and books published by EAI are not affiliated with EAI and solely represent the views of the individual author.

*Этот текст — AI-перевод оригинала, написанного на корейском. Возможны неточности перевода или утрата нюансов.

← Назад · ← На главную · ← Назад к списку