China’s Internet of Things John Chen, Emily Walz, Brian Lafferty, Joe McReynolds, Kieran Green, Jonathan Ray, and James Mulvenon Research Report Prepared on Behalf of the U.S.-China Economic and Security Review Commission October 2018 Disclaimer: This research report was prepared at the request of the U.S.-China Economic and Security Review Commission to support its deliberations. Posting of the report to the Commission's website is intended to promote greater public understanding of the issues addressed by the Commission in its ongoing assessment of U.S.-China economic relations and their implications for U.S. security, as mandated by Public Law 106-398 and Public Law 113-291. However, it does not necessarily imply an endorsement by the Commission or any individual Commissioner of the views or conclusions expressed in this commissioned research report. About the SOSi Special Programs Division This project was conducted within SOSi’s Special Programs Division (SPD), the premier open source and cultural intelligence exploitation cell for the U.S. intelligence community. Staffed by an experienced team of cleared analysts with advanced language skills, SPD’s mission is to provide cutting-edge, open source and cultural intelligence support to the collection, analytical, and operational activities of the U.S. intelligence community, with the goal of achieving national strategic objectives. SPD accomplishes its mission through the conduct of objective, independent, and relevant research and analysis, under strict quality guidelines. Comments may be sent to the General Manager of the Special Programs Division, Dr. James Mulvenon. Dr. James Mulvenon General Manager Special Programs Division SOS International 2650 Park Tower Drive, Suite 300 Vienna, VA 22180 TEL: 571-421-8359 Email: [email protected] i Table of Contents About the SOSi Special Programs Division .................................................................................... i Acronym List .................................................................................................................................. v Executive Summary ........................................................................................................................ 1 China’s Approach to IoT Development ...................................................................................... 2 China’s Race to Set International Technical Standards .............................................................. 3 Unauthorized Access to IoT Devices and Chinese Exploitation Efforts .................................... 4 Authorized Access to IoT Data and Privacy Concerns ............................................................... 5 Conclusions ................................................................................................................................. 6 Introduction and Methodology ....................................................................................................... 7 Chapter 1: Overview of China’s IoT Development ........................................................................ 9 China’s IoT Development Strategy .......................................................................................... 10 Defining and Describing the IoT Ecosystem ........................................................................ 10 Competing for Primacy: Chinese Views on IoT Development ............................................ 14 Scientific and Technological Innovation in the Context of Chinese Grand Strategy ........... 16 Government Support for IoT Development .............................................................................. 18 Financial Support for the IoT Industry ................................................................................. 25 The Current State of China’s IoT Development ....................................................................... 30 Problems with IoT Development .......................................................................................... 33 Implications for the United States............................................................................................. 36 Restrictions on Foreign Investment ...................................................................................... 37 Selective Enforcement of Chinese Laws in Favor of Domestic Companies ........................ 38 The Prospect of Technology Transfer................................................................................... 40 Recommendations ..................................................................................................................... 41 Chapter 2: The Standards Race ..................................................................................................... 43 Setting IoT Standards ................................................................................................................ 45 A Fractured Standards-Setting Environment ........................................................................ 46 Major International Standards Bodies .................................................................................. 49 United States IoT Standardization Efforts ................................................................................ 52 U.S. Standardization Efforts Abroad .................................................................................... 53 China’s Push to Set IoT Standards............................................................................................ 60 Domestic Standardization: More than Tech Specs ............................................................... 61 ii China’s Role in International Standardization Efforts .......................................................... 69 Key Points of Contention .......................................................................................................... 97 Multi-Stakeholder Model of Internet Governance ................................................................ 97 5G Frequency ........................................................................................................................ 97 Digital Object Architecture ................................................................................................... 98 Implications for the United States............................................................................................. 99 Recommendations ................................................................................................................... 101 Chapter 3: Unauthorized Access and Chinese Research into IoT Security Vulnerabilities ....... 103 Existing Security Vulnerabilities in the IoT: A Primer .......................................................... 104 Known Vulnerabilities in Chinese IoT Devices ................................................................. 106 Chinese Research into IoT Security Vulnerabilities ............................................................... 108 Overview of Chinese IoT Security Research ...................................................................... 110 China’s Burgeoning IoT Research Ecosystem ................................................................... 111 The Civil-Military Overlap ................................................................................................. 115 Operational Applications for IoT Vulnerability Research: Beyond Securing the IoT ....... 118 Implications for the United States........................................................................................... 122 Recommendations ................................................................................................................... 124 Improving Overall IoT Security.......................................................................................... 124 Risks of Chinese Exploitation of IoT Security Vulnerabilities .......................................... 125 Chapter 4: Authorized Access and Privacy Risks to U.S. Citizens from Chinese Data Access . 126 Chinese Access to U.S. IoT Data ............................................................................................ 127 An Assessment of Authorized Data Access Methods......................................................... 128 Impact on the United States ................................................................................................ 144 Existing Protections for U.S. Data .......................................................................................... 145 U.S. Data Protections: An Inadequate Approach................................................................ 148 Recommendations ................................................................................................................... 149 Authorized Data Access in IoT: .......................................................................................... 149 Specific Risks Posed by Authorized Data Access by Chinese Actors: .............................. 151 Conclusions and Areas for Further Research .............................................................................. 152 Appendix A: Comparison of Application Permissions for Home Management IoT Devices .... 154 Appendix B: Selected Portions of Chinese Laws That Could Enable Data Access ................... 158 Appendix C: Full Text of Selected IoT Company Privacy Policies ........................................... 163 iii Huawei ...................................................................................................................................
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages212 Page
-
File Size-