SUBMITTED STATEMENT FOR THE RECORD OF

KATHRYN WALDRON

FELLOW, NATIONAL SECURITY AND CYBERSECURITY

R STREET INSTITUTE

 

KRISTEN NYMAN

GOVERNMENT AFFAIRS SPECIALIST, NATIONAL SECURITY AND CYBERSECURITY

R STREET INSTITUTE

BEFORE THE

COAST GUARD AND MARITIME TRANSPORTATION SUBCOMMITTEE

OF THE

HOUSE TRANSPORTATION AND INFRASTRUCTURE COMMITTEE

HEARING ON

CHINA’S MARITIME SILK ROAD INITIATIVE:
IMPLICATIONS FOR THE GLOBAL MARITIME SUPPLY CHAIN

OCTOBER 17, 2019

China’s Maritime Silk Road Initiative: Implications for the Global Maritime Supply Chain

CHAIRMAN MALONEY, RANKING MEMBER GIBBS AND MEMBERS OF THE SUBCOMMITTEE:

Thank you for holding this important hearing on China’s Maritime Silk Road Initiative: Implications for the Global Maritime Supply Chain. This statement is offered by scholars from the R Street Institute’s National Security and Cybersecurity team who have studied supply chain security extensively. The R Street Institute is a nonprofit, nonpartisan public policy research organization whose mission is to engage in research and outreach to promote free markets and limited, effective government.

China’s Belt and Road Initiative (BRI) is an ambitious infrastructure development strategy to create a vast global transportation and shipping network aimed at increasing Chinese economic trade. First proposed by President Xi Jinping in 2013, the 21st Century Maritime Silk Road is the sea-based component of this strategy “… designed to extend from China’s coast to Europe through the South China Sea and the Indian Ocean in one route, and from China’s coast through the South China Sea to the South Pacific in the other.” In practical terms, this has led to increased Chinese investment in building and operating ports throughout the world.

While many countries were initially eager to embrace Chinese investment in their infrastructure, concerns over increased public debt have led former partners to shelve development projects. But an inequitable reaping of the economic benefits isn’t the only reason some countries are skeptical of the BRI. Indeed, China’s development of a modern, maritime silk road also has problematic cybersecurity implications. The two main concerns are supply chain risks for ports that dock U.S. ships and cyber risks that would derive from a Chinese “digital silk road.”

Supply Chain Risks for Ports that Dock U.S. Ships

The first concern is that Chinese-built or -operated ports present a national security risk for U.S. or NATO ships docked overseas. Just last year, Shanghai International Port Group, a Chinese company, announced plans to take over management of the Israeli port of Haifa. American stakeholders quickly raised national security concerns over the Chinese-Israeli deal. Former U.S. ambassador to Israel Dan Shapiro stated that “to have a Chinese company operate a port of a close ally potentially poses a significant challenge and maybe a risk for US Navy operations.” Retired U.S. admiral Gary Roughead also pointed out that Chinese port management could allow their intelligence agencies to better anticipate U.S. naval activities. But ship movement isn’t the only information the Chinese could access: “Significantly, the information systems and new infrastructure integral to the ports and the likelihood of information and electronic surveillance systems jeopardize U.S. information and cybersecurity,” Roughhead warned. The potential for hostile foreign governments to access proprietary and sensitive military intelligence is of grave concern to U.S. domestic security, and Congress would do well to address this supply chain vulnerability.

Physical access to ports is not the only maritime supply chain risk involved. China’s construction of a “digital silk road” might pose an even greater risk to the U.S. supply chain. Just as the 21st century version of the maritime silk road manifested itself as Chinese investment in physical infrastructure, the digital silk road would promote Chinese investment in digital infrastructure.

“Digital Silk Road” Supply Chain Concerns

Recent speeches from Xi Jinping and other government officials have pushed Chinese cybersecurity firms to invest in countries where BRI development projects are underway. Their goal, according to Vice-Minister of Information Technology Chen Zhaoxiong, is to build “community of common destiny in cyberspace.” A cyber community of this magnitude fostered by China should raise alarms for anyone in favor of protecting free speech. China’s “Great Firewall” reveals the Chinese Communist Party’s (CCP) need to maintain operational control of any cyber community. Authoritarian-leaning countries that embrace Chinese investment in their ports, like Malaysia and Vietnam, may also embrace China’s exporting of its surveillance technology and policies of authoritarian censorship and Internet control.

Countries more resistant to Chinese-style authoritarianism may also struggle to contain the cybersecurity of their digital ecosystem as Chinese software and hardware becomes more pervasive. The fear that Chinese companies will incorporate backdoors into telecom systems for CCP exploitation has already been a topic of fierce debate thanks to the Huawei situation.

While certain U.S. policymakers may want to bar China from the global digital system entirely, it is simply too late. The digital fabric is too intertwined for any separation to be viable. Unlike the United States, the rest of the world has not shown willingness to ban Chinese companies. Therefore, without allied consensus, we must assume there are no safe systems in cyberspace. Whether a given port is attached to an ocean or a computer, policymakers must keep in mind that China will be keeping a keen eye on everything flowing through it, be it ships or information.

An outright ban-and-sanction plan is infeasible, at least in the long term, in our digitally interconnected reality. The U.S. government does, however, have certain recourses to mitigate supply chain cyber risks.

Policy Recommendations

In order to address maritime supply chain risks, the United States and its allies will have to carefully vet the arrangements they make with regard to port operation and production. The United States should promote economic competition, clearing any trade barriers that impede American companies from bidding on international construction projects. In countries where American companies do not have the capacity to make competitive bids on construction projects, the United States should look for alternative diplomatic opportunities to counterbalance China’s political influence and encourage allies to do the same. U.S. policymakers should also continue to point out the strings attached to Chinese investment. Finally, as ports become increasingly automated, the United States should work with international standard-setting organizations and local governments to ensure appropriate cybersecurity controls are built into port cybersystems.

As a prescription for the larger supply chain issue at hand, the government should consider implementing these strategies on a broader scale. Promoting market competition will allow friendlier producers to enter markets currently dominated by Chinese companies. One of the main issues with Huawei, for instance, is that they are one of the only companies on the path to providing 5G.

Another strategy is working with standard-setting organizations, like the International Organization for Standardization, to limit Chinese influence and ensure fair standard-setting, rather than regulations that would benefit any one country’s products or production methods.

Collaborating with America’s allies to collectively confront bad actors is crucial to ensuring companies with bad practices face enough pressure to change their behavior.

Regardless of the strategic path it chooses, one thing is certain: The United States will have to take decisive action in order to prevent China from gaining outsized influence over the global supply chain and growing from its present nefarious state to an even more dangerous one.

We thank the committee for recognizing the importance of addressing supply chain vulnerabilities. If we can be of any assistance to members of the committee, please feel free to contact us or our colleagues at the R Street Institute.

Kathryn Waldron
Fellow, National Security and Cybersecurity
kwaldron@rstreet.org

Kristen Nyman
Government Affairs Specialist, National Security and Cybersecurity
knyman@rstreet.org