18 May 2023

US-China Rivalry Exacerbates US Corporate Risk ANALYSIS

Derek S. Reveron, John E. Savage 

Strategic competition between the United States and China is not just geopolitical, but directly impacts US-based corporations and the global economy. While US firms may not be interested in the strategic rivalry between the United States and China, they are nonetheless on the frontlines.

To be prepared for this new environment, companies need to expand their concept of risk beyond assessing financial risks and build networks to collaborate in this new environment. Connectivity through cyberspace exposes corporations to five types of risks: geopolitical, insider, environmental, supply chain, and regulatory.

The US government needs to look at new ways to enable true public-private partnerships. Publishing advisories in advance of geopolitical events is a start, but new approaches are needed to find a balance between the government’s focus on national security and corporations’ focus on multinational operations.

Editor’s note: This is the first paper in the “Expanding the Focus” series in the National Security Studies program. In May 2023, National Security Advisor Jake Sullivan observed that “the future of the United States is going to be defined as much by the energy transition, technological change [and] demographic changes as it will by traditional security matters.” He noted that national security policy must address “the fundamental set of challenges that occupy our minds in every region we encounter: food and health security, nuclear proliferation, climate change, secure supply chains, trusted technology ecosystems and a stable basis upon which people can work to build a better life.” The “Expanding the Focus” set of papers published by the National Security Studies program at the Foreign Policy Research Institute will seek to further define and discuss these challenges.

It’s been more than two decades since US officials recognized the challenges of China’s return to strategic significance. When he ran for president, then-Governor George W. Bush said, the United States “made a mistake [in] calling China a strategic partner … We need to be tough and firm.”

A focus on counterterrorism after 9/11 and optimism that a growing Chinese economy would yield to political liberalization dominated the Bush and Obama administrations. However, hope for US-China relations was supplanted by the Trump and Biden administration’s recognition that the United States is in a strategic competition with China. This competitive lens defines the future of international security. American companies should be advised that they will be on the frontlines of this competition.

While record trade levels between the United States and China may prevent an immediate reversion to a new Cold War and conflict is not inevitable, some US defense leaders are forecasting China’s invasion of Taiwan in 2023, 2025, or 2027. If these forecasts are correct, President Joe Biden has said that the United States would come to the aid of Taiwan. Although the Chairman of the Joint Chiefs of Staff General Mark Milley told leaders to tone down the rhetoric on China, the Director of National Intelligence Avril Haines testified earlier that China does not want a war, but added that “if Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations against U.S. homeland critical infrastructure.” The globally interconnected nature of computer networks exacerbates the uncertainty in assessing this type of risk and challenges corporate leaders to analyze risk.

Geopolitical risk is not new, but geopolitics complicates risk assessment–US adversaries often consider American companies as extensions of the US government, making them targets.

American firms have been dealing with state-sponsored intellectual property theft for a long time. Then-Chairman of the House Intelligence Committee Mike Rogers said in 2011, “China’s economic espionage has reached an intolerable level and I believe that the United States and our allies in Europe and Asia have an obligation to confront Beijing and demand that they put a stop to this piracy.”

President Barack Obama and Xi Jinping declared in 2015 that neither government “will conduct or knowingly support cyber-enabled theft of intellectual property (IP), including trade secrets or other confidential business information for commercial advantage.” The agreement appeared to be short-lived, as Western companies continue to face significant intellectual property theft risk.

Insider risk has been expanding from disgruntled employees going out on their own to foreign intelligence services who are attempting to recruit insiders. In 2020, for example, a Russian national conspired to recruit a Tesla employee to introduce malware on its company’s network. The employee relied on the company’s security program to work with the FBI that led to an indictment. This underscores the importance of employee security training and knowing how to work with the government’s counterintelligence resources to protect networks from foreign intelligence operatives.

Environmental risk to business was underscored when COVID-19 adversely impacted global supply chains. The US-China rivalry adds a new risk with nuclear weapons embedded in defense planning. American defense leaders have been ringing the alarm bells about China’s plans to increase its nuclear arsenal and the challenge of deterring two nuclear powers (Russia and China) simultaneously. Communications could be disrupted by electromagnetic pulses that result from the detonation of nuclear warheads just outside the atmosphere. Risks like these are low probability, but high-impact events but can be exercised through table-top discussions to develop playbooks in case a grey swan events like these occur.

Supply chain risk has the potential to deprive US-based companies of critical minerals and components. China’s dominance of the lithium-ion battery market and the push to an electric vehicle future has led the U.S. government to prioritize North American battery production. Taiwan, which features prominently in the US-China rivalry, is a major producer of semiconductors. Chinese blockades of Taiwan or an outright invasion would disrupt semiconductor exports crippling vast segments of global manufacturing. In recognition of this, Washington is pushing corporations to reshore and near-shore production. However, revising the practice of global supply sources will not be easy.

Regulatory risk also grows for global corporations as governments around the world attempt to impose sovereignty in cyberspace. This manifests in requiring data localization, imposing privacy protections, sharing encryption keys, and banning online platforms outright. The acceleration of artificial intelligence is already resulting in corporations modifying their practices to overcome bans in some countries like Italy and addressing White House concerns that technology leaders “have a fundamental responsibility to make sure their products are safe and secure before they are deployed or made public.”

While companies may not be interested in the strategic rivalry between the United States and China, they are nonetheless on the frontlines requiring preparation. Chris Cleary, the principal cyber advisor for the Department of the Navy, highlighted “We all need to get better at understanding how to learn to fight hurt, because the uniqueness in this space … we all live within the weapons engagement zone of our adversaries, [industry needs to look back at the 1940s and act as the] “ball bearing factories of the future.”

To be prepared for this new environment, companies need to expand their concept of risk beyond assessing financial risks and build networks to collaborate in this new environment. The government needs to look at new ways to enable a true public-private partnership. There are many initiatives underway including a digital trust summit where leaders from across the public and private space met to think about the impact of strategic competition and business.

The views expressed in this article are those of the author alone and do not necessarily reflect the position of the Foreign Policy Research Institute, a non-partisan organization that seeks to publish well-argued, policy-oriented articles on American foreign policy and national security priorities.

No comments: