Why China and the West should work together on cybersecurity problems
Robert Hannigan says China’s investment in artificial intelligence, and its key role in manufacturing hi-tech products, make it an indispensable partner in the cybersecurity realm, regardless of whether the West distrusts it
China and the West have a unique opportunity to cooperate on improving global cybersecurity in a way that could be transformational. To do this, both sides need to keep focused on the common good and find pragmatic ways to address mutual suspicions.
When I first came to Hong Kong as a student, Deng Xiaoping had recently announced the creation of the special economic zones. Over the years, I watched Shenzhen develop from a small town to a city larger than London.
More importantly, it developed from a low-cost manufacturing base, making its name delivering hardware designed outside China, to a global centre for world-leading innovation. Along with other regions, notably the Zhongguancun area of Beijing, Shenzhen has moved upstream. It is now at the forefront of creating new intellectual property: designing and manufacturing cutting-edge technologies.
China’s Next Generation AI Development Plan is delivering a better-organised, much better-funded push into this sector than any Western government has managed. Chinese academics publish more papers on deep learning each year than their US counterparts.
It is this dominant role in the global IT supply chain – both now and in the future – and the growth of high-grade research and innovation, underpinned by the global investment reach of major Chinese companies, that makes China a pivotal player in cybersecurity.
The internet’s creators worried about resilience, but did not have safety or security in mind when they constructed this great engineering project. Criminals spotted this and have capitalised, making huge amounts of money over the past 20 years. As a result, governments, companies and individuals have been scrambling to retrofit security onto the hardware, software, architecture and protocols on which we all rely to manage our lives and businesses.
The structural insecurity of the internet will inevitably be amplified by the internet of things if we don’t take action to improve security standards. Billions of new devices will be connected, producing exponential increases in data around the world. If we are to get the benefits of this revolution, we need to ensure good basic security as a default. If we do not, the devices themselves will be vulnerable and, more significantly, their processing power will be harnessed by criminals to harm others.
As the key producer and, increasingly, designer in the global IT supply chain, China could lead the way in applying good standards, developed in cooperation with the West. As the global centre of the IT industry, China can help us all avoid the mistakes of the past.
For their part, Western countries need to take a more pragmatic approach to Chinese inward investment in technology. Mutual suspicion has led some countries to effectively ban Chinese companies from investing not just in sensitive government organisations, which would be normal for any nation, but in the wider technology infrastructure and supply chain. This blanket approach, based on nationality of the brand name, is irrational in a globalised industry. Some 90 per cent of computers and more than 70 per cent of smartphones are manufactured in China, however Western the famous name on the products.
A more sensible approach is to take the suspicion head on, discuss it,and look at ways of assuring both sides that the technology can be trusted. The UK took this approach when Huawei wanted to invest in the heart of the UK telecommunications infrastructure a decade ago. This investment was clearly to the benefit of UK consumers and Huawei. But allowing any foreign company into the country’s telecoms system would raise potential national security risks. The challenge was to see how these could be managed, rather than allowing unquantified risks to dictate our policy.
As a result, in 2010, we established a cybersecurity evaluation centre within Huawei and funded by the company. Its job has been to look at hardware and software installed in the UK which might have implications for national security. It reports annually and publicly through an oversight board. This mechanism has allowed a major Chinese company to pursue investment which benefits China and the UK, while allowing the British government to reassure itself that it is fulfilling its obligations in managing risks to national security.
This cybersecurity experiment between the UK and a major Chinese company is a first, drawing on the expertise of both sides. It offers a sensible and pragmatic model which we can build on to enable the best of Chinese technology to be available in the West. At the same time, the West should work with China to embed security standards across manufacturing and development. Where the internet is concerned, we all stand to benefit from this cooperation.
Robert Hannigan was until recently director of GCHQ, the UK’s largest intelligence and cybersecurity agency and he set up the National Cyber Security Centre. He is speaking at the GREAT Festival of Innovation, which will be held in Hong Kong from March 21-24