Our lives, economies, and politics are lived online. Increasingly, Americans have become aware of the challenges of cybersecurity but tend to see it in personal terms. (“Don’t click on the strange link!”)
Those in the U.S. government, whether in the Office of the National Cyber Director or in the defense and intelligence agencies, tend to see it from a country risk perspective. Arguably, the most committed U.S. rival in cyberspace is the People’s Republic of China.
Chinese capacities in the dark arts of the cyber domain are top-notch. They have found ways to penetrate some of the most secure systems in the United States and have collected vast amounts of information on millions of Americans. In short, they must be taken seriously as a rival and a threat to U.S. national security in cyberspace and other domains.
HOW THE US CAN CATCH CHINA IN CRITICAL MINERALS RACE
During the last four years, China has been on a charm offensive with the United States. In one example, last year China loaned new panda bears to zoos in San Diego and Washington, D.C. This and other actions help to soften China’s image.
But do not be fooled by the fuzzy cuteness. China does not wish the U.S. well. In its quest for national power, China correctly understands that national power today is deeply tied up with technological dominance.
In a 2022 speech, Chinese President Xi Jinping pledged that China would “win the battle in key core technologies.” A core enabler of these technologies are semiconductors.
Over the past several years, China has gradually, and not particularly subtly, bolstered its technological capabilities. It has invested tens of billions of dollars in an effort to dominate both leading edge and trailing edge semiconductors. Trailing edge semiconductors are the workhorses that make established applications, from cars to mass market smart phones, work. Leading edge semiconductors are powering future applications, including AI systems.
If semiconductors are the foundation of contemporary technologies, the resilience of their supply chains is the foundation of contemporary cybersecurity. As the Israeli pager attack from September dramatically demonstrated, when vulnerabilities are deliberately embedded into technologies, the results can be devastating when they are weaponized. America can ill-afford to be dependent on China in such a fundamental technology.
EXCLUSIVE: BORDER CZAR TOM HOMAN PREDICTS ‘COLLATERAL ARRESTS’ WITH TRUMP MASS DEPORTATIONS PLAN
You may be thinking, isn’t the software that powers these chips what really matters? No, not exclusively. Of course, we have numerous examples of where software is the source of significant vulnerabilities. Nevertheless, it is essential to remember that software drives hardware, and hardware, including semiconductor chips, has its own vulnerabilities.
Of particular importance are risks around the “instruction set architecture.” An ISA is essentially a manual that defines how the hardware of a computer, particularly its central processor, is controlled by its software. It specifies what the processor can do and how. A leading-edge ISA is essential to producing an advanced chip.
Western companies control and monitor most ISA standards, which helps make the chips more secure, but there is also an open-source ISA chip architecture that is increasingly popular in China called RISC-V.
Open source means there can be no U.S. export controls, sanctions, or other government oversight. It is hard to overstate how much time and effort China is saving by not having to build its own ISA.
Unsurprisingly, RISC-V is central to China’s strategy to catch and surpass the U.S. in the global chip race. According to Reuters, Chinese state entities and research institutes have collectively invested at least $50 million in RISC-V projects between 2018 and 2023.
RISC-V began life at the University of California, Berkeley, but is now managed by an international nonprofit organization. According to the New York Times, it changed its incorporation from the U.S. to Switzerland in 2020 to calm “concerns of political disruption.” Its 4,000 members include the Chinese Academy of Sciences, Huawei, and Alibaba.
While this (now) Swiss nonprofit group happily feeds China’s growing technological prowess, a new discovery further raises the stakes. Researchers have recently discovered a major security flaw in RISC-V’s design that would allow hackers administrative level access to the chip architecture. This discovery is a setback for China’s burgeoning chip industry: After all, nobody wants to purchase insecure semiconductor chips. It also raises serious concerns about the security of the millions of RISC-V-powered Chinese chips that are already deployed, which are spread across consumer-, military-, and infrastructure-related technologies around the world.
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
Fortunately, the U.S. government seems to be taking notice, and the Commerce Department is currently reviewing the security implications of RISC-V technology. A bipartisan group of lawmakers has also pressed the Biden administration to address the national security concerns raised by China’s increasing RISC-V investments and its flawed technology.
As President-elect Donald Trump prepares for his inauguration, curtailing Beijing’s ability to access RISC-V freely while concurrently removing deployed Chinese RISC-V chips must be central to his China technology strategy.
Eric Miller is president of Rideau Potomac Strategy Group and a global fellow at the Woodrow Wilson Center.