A new US private sector report asserts that China is gaining the inside track on international standard-setting for “Internet of Things” technology, and offers strategies for the United States to keep competitive in the marketplace by maintaining influence over standard-setting while protecting data security.
The report, China’s Internet of Things, was issued by the US-China Economic and Security Review Commission and prepared by SOSi, a private-sector intelligence company. SOSi is described in the report as providing “cutting-edge, open source and cultural intelligence support to the collection, analytical, and operational activities of the U.S. intelligence community, with the goal of achieving national strategic objectives.”
The report was written from the US perspective, and promotes a narrative that the US and China are in a race for dominance over the development and control of new Internet of Things technology.
It describes the Internet of Things (IoT) as “the interconnection of physical and virtual things via information and communication technologies.” It further explains that this “is emerging as the next front in global network infrastructure,” which is expected “to expand exponentially over the next few years, ultimately involving billions of connected devices,” and to be adopted “in essentially all economic sectors.”
Still to be answered, the report says, are “[p]ressing questions about the IoT’s operation, safety, and security,” such as how international standards will develop, how secure new 5G networks will be in terms of “risks and vulnerabilities,” and how US consumer data will “be used and protected here and abroad.”
Race to Set IoT International Standards
The SOSi report presents a narrative in which the US and China are pitted against one another in a strategic race for IoT dominance, which, according to the report, will depend largely upon technology standards.
“Competition over technical standards touches on a larger contest about intellectual property ownership, market advantage, international prestige, and approaches to privacy, security, and control of data,” it says. “Once a global standard is established and accepted, it can put pressure on countries or companies developing other standards to conform to the existing norm, ceding these important benefits to whichever nation’s preferences manage to be adopted as the international standard.”
In this race, the report finds that China is advancing, by gaining ground on standards. “China is currently leveraging a more coordinated and comprehensive strategy than the United States to influence relevant standards for the IoT,” which has consequently resulted in some international standards being “developed with reduced U.S. input.”
The report found that China is increasing its international standardization efforts, following a “centralized plan to effect change at both high and ground levels.” On a high level, China is increasing participation in and “preference for multilateral (one country, one vote) standards institutions over U.S.-backed multi-stakeholder institutions.” Meanwhile on a ground level, China is pursuing “state investment in new technologies, and state-subsidized foreign policy initiatives like the Belt and Road Initiative to encourage other countries to adopt its technology, and with it, its standards.”
US Data Vulnerability
The report argues that IoT “dominance” is not just about economic advantage, but also about national security, stating that adopting the technological standards set by China could leave the US more vulnerable with regard to data security.
The report states that IoT devices manufactured in China have “become common targets for unauthorized access,” partly due to “insecure device configurations,” and it further alleges that China is actively “researching IoT vulnerabilities” to engage in unauthorised data collection and surveillance.
In addition to unauthorised access, the report anticipates that China could gain widespread “authorized” access to US data, such as through consumer agreements to “lengthy terms and conditions documents.” These forms of authorised access allow “companies and governments to gather massive amounts of data,” which the report notes is not helped by the “patchwork nature of U.S. laws and authorities.”
The report concludes that a US approach to addressing these challenges will require “greater coordination between the resources of Washington, the innovative capacity of the U.S. private sector, and perhaps coordinated efforts with U.S. allies abroad.” This must be combined with increased “[p]articipation in international standards bodies, long overdue data privacy legislation, and industry best practices for IoT security.”
Image Credits: USCC