1 Introduction / Executive Summary
China is an important economy—it is too important to ignore, but doing business with Chinese organizations comes with risks. Many cyberattacks are alleged to originate in China, and Chinese manufactured components are suspected to contain hidden cyber capabilities. In addition, there are both commercial and geopolitical risks.
To manage these risks, it is important to understand China’s worldview. From China’s perspective, it believes that as a socialist country it will meet with strong opposition from other non-socialist countries. Chinese strategy to counter this perceived risk and to realize their global ambitions is to create dependency. The tactics to achieve this include creating leading-edge technology which undercuts that from market led economies and is given freely to developing countries. Telecommunications, 5G networking, and AI are examples of technologies that China has provided to countries with emerging economies.
To accelerate the technological capabilities of Chinese industry, the People’s Republic of China (PRC) army has engaged in cyber espionage over many years. For example, an Indictment filed in May 2014 in Pennsylvania alleges that between 2006 and 2014, the People’s Liberation Army (PLA) conspired to hack into computers of US organizations to steal information that would be useful to their competitors.
In addition to the risk of cyber espionage, China is now a major source of components that are widely used across all industry sectors, and this creates supply chain risks. Geopolitical disputes could disrupt this supply chain in the same way as the recent Covid pandemic. From a cyber security perspective, the components could contain hidden backdoors or undocumented functionality that would allow data theft or remote control.
Organizations need to take steps to manage the risks. Contracts are not the only approach and only work where there is an enforceable legal framework. Organizations must understand the way in which their trading partners behave, expect this behavior, and take steps to manage it. Trading creates a mutual dependency where each side stands to lose if the other is deterred from trading. Organizations must use this knowledge as a negotiating strength.