Publish on 2022-12-22

Digital Economy of China and the growing security threat of its IoTs

བོད་ཡིག་ནང་ཀློག་

Key takeaways : 

  • The exponential growth of China’s digital economy with its ever growing IoTs pose serious security implications to the world. 
  • Using Chinese devices, IoTs and network infrastructures gives our adversary a strategic advantage of unleashing their unprecedented surveillance and censorship against us.
  • In the era of information technology, the practice of digital hygiene in our professional and personal lives is very essential. 

China’s digital economy is growing at an exponential rate that can be challenged by few. The digital economy is any economic form that directly or indirectly uses data and information technology to guide resource distribution and improve productivity. It is also referred to as the new economy or internet economy. This new economy of China is swiftly becoming one of the most crucial driving forces for its national economy. China has made the digital economy a critical part of its national development strategy and has developed a detailed roadmap with incentives, new policies and laws to speed up the sector which also presents a range of dynamic growth and investment opportunities. Big data, cloud computing, the Internet of Things, blockchain, artificial intelligence, 5G network infrastructures are the technologies playing a fundamental role in the digital economy. 

The 14th FYP (Five-Year Plan) released on 11th March, 2021 will be focused more on enhancing some strategic areas namely, sensors, digital supply chain of logistics, quantum information, communications, integrated circuits, and blockchain, as well as pushing for technologies like 6G. China’s digital currency, the digital yuan or e-CNY, is the first state-led effort to implement a digitized payment mechanism. The digital yuan enjoys the same legal status as physical yuan and provides the public with a universal payment tool that can be used in all commercial scenarios. China has also built a reputation for many of the world’s largest and most advanced network facilities with around 1.43 million 5G base stations being completed with more than 50 million 5G users. Huge efforts are being made to bring policy changes required for the success of the 14th FYP which include : 

  • Fintech Development Plan” for the year (2022-2025) which is focused on bringing a digital transformation of financial services in the country. It was released by the People’s Bank of China in January 2022.
  • Eastern Data, Western Computing” to create four regional hubs to address challenges in supply and demand of computing capacity to uplift the overall digital capacity of the country. It was released in February 2022. 
  • Measures for Data Export Security Assessment” to do security reviews for cross-border data transfer. It was released in July, 2022 by the Cyberspace Administration of China (CAC) 

Even Though there is this great potential in the digital economy, it isn’t always rainbows and butterflies. Globally there is also a growing shift in the awareness regarding cybersecurity implications relating to online privacy, data security, censorship and surveillance through the unregulated use of big data, 5G, AI and IoTs. Internet economy growth of one country is highly dependent on the global internet economy with its standardization through international regulatory boards. Digital ethics also play an essential role if a country is willing to legitimately expand their digital economy across the globe. However much of the regulatory efforts made by the CCP are controversial for many reasons. China has forcefully implemented regulatory laws and policies regarding digital economy to keep these ventures under their government’s control which are as follows : 

  • “Cybersecurity Law” released in June, 2017 claims to aim for data protection, data localization, for an effort to strengthen national cyber security legislation.However this law requires network operators to cooperate with Chinese intelligence agencies and allow full access to data to the authorities upon request. 
  • “New anti-monopoly guidelines” released in Feb, 2021 which claims to curb monopolistic behaviors by tech giants to encourage fair competition and safeguard consumers. In reality these new guidelines are to retain the power of these tech giants such as Alibaba, Tencent, JD.com and Xiaomi into their own hands and impose decisions that are in line with CCP’s ideologies and global image.  
  • “Data Security Law” implemented from June 2021 claims to be a new pillar of China’s legal framework on information security and data privacy protection. This law apparently focuses on data localization, export and protection requirements but on the contrary, it also implies data localisation of foreign users on their internet platforms and to prohibit the export of data without completing a cyber security review by the authorities. It is their strategy to protect its national security and also to have geopolitical advantage through big data and surveillance technologies in the future.     

Chinese firms are also becoming the global leaders in the development of IoT applications (connected cars, smart home devices, connected industrial equipment) and push new advances in the underlying infrastructure on which the internet itself is operated. The internet nowadays isn’t just a medium of communication but rather a demanding factor to build “things” with real world functions controlled through cyberspace. Due to large scale real world implications of such internet connected things, it is evident that individuals, entities and societies will increasingly be embedded in the IoT. Statistically those who influence the design, distribution and regulation of such emerging internet-connected technological ecosystems often have structural advantage to define and control other nations, often without exerting power or intrusion activities. There are 12 billion IoT connections worldwide by 2020 and the number is expected to go further up to 125 billion by 2030.

The IoTs growth compounds the security risks that are inherent in the internet’s design to enable the free flow of information. Connection of vast numbers of devices with different functions and protocols complicates the task of securing the whole network. The expanding effects of internet-connected objects in the real world are expanding the scope of harmful outcomes that could come from manipulation across the internet. Although China’s rapidly growing digital economy has a reputation of being on the edge of latest technological developments, the lack of ethical practices in China are not so new. Chinese state-backed cyber espionage against individuals and nations compounded with their ever growing censorship and surveillance on their citizens and ethnic minorities is something that worries a lot of other nations.

It presents governments around the globe to reconsider the risks associated with their own national security. In June 2021, The U.S. President Joe Biden ordered a list of 59 Chinese companies that are banned from receiving U.S. investment due to their suspected ties to defense or surveillance technology sectors of the CCP. These include tech giants such as Hangzhou Hikvision Digital Technology, and Huawei Technologies Co., Ltd. The British government has also replaced security equipment provided by Chinese-owned tech companies such as Huawei 5G telecom network, Hikvision and Dahua at offices of their key government officials. Apart from security concerns, Hikvision and Dahua cameras were found to be used in concentration camps throughout the Uyghur region, where 1.8 million Uyghurs and other Turkic minorities have been in internment camps since 2017. According to the publication, CISA, the US cyber security agency, recently warned of critical vulnerabilities in Chinese-made GPS-enabled IoT devices in cars and motorcycles from a report by Bitsight, a U.S cyber security research firm. They were found to contain hard-coded admin passwords and other flaws that would not only allow Chinese suppliers to monitor the location of these devices remotely but to potentially cut off the fuel supply while vehicles were in motion. Hikvision cameras were also found to have command injection vulnerabilities that allow them to gain complete root-shell access to an affected device. 

Even if China is pushing all efforts to expand their IoT products onto the global market through cheap pricings and ease of accessibility, it definitely requires cooperation among governments with distinct approaches to cyberspace, which are driven by divergent political priorities, national security interests and underlying ethical values. Nations worldwide need to be more vigilant and skeptical beyond the economic pressures, so that as long as China’s IoT products and telecom infrastructures are not approved by international standards and regulatory boards, using one can jeopardize the security, integrity and confidentiality of individuals and governments around the globe. Although the universal architecture of the internet was designed for the seamless and open transfer of data, yet governments with their national security, economic and political concerns have imposed growing constraints on use of the internet which is often referred to as “splinternet”. “The Great Firewall of China” which is used to control data transfers and online activity within China’s jurisdiction is one clear example of a “splinternet”. While China has gained a notorious reputation of human rights violations through censorship, surveillance and misuse of big data gathered through its dominant technology products and infrastructure, it is us as individuals who should question the security implications of choosing one, especially when it is for a just cause of nation, movement or a campaign.