Don’t let China take over the cloud — US national security depends on it 

Most Americans would assume Huawei was left for dead after the U.S. government led a global multi-pronged campaign against the company’s 5G business in 2019. However, in recent years Huawei has reinvented itself into, among other things, a leading cloud services provider (CSP). They are now expanding rapidly around the world, while other companies from China, such as Alibaba, Tencent and Baidu are following suit to capture the global market.  

Cloud is the backbone of nearly all emerging technologies, including 5G, AI, robotics, autonomous vehicles and biotechnology. If China gains the upper hand in building the world’s cloud networks, information infrastructure will be built to Chinese standards, resulting in users becoming significantly more reliant on Chinese technology going forward.  

This is especially troubling as China’s national intelligence laws make it incumbent on China’s service providers to cooperate with any government requests — meaning Beijing can use gain access to stored data without the owner’s consent. In the future, even more data will go through the cloud than goes through telecom networks. It is therefore imperative that China’s regime cannot have access to this data, which could support their commercial and military ambitions. 

Like China’s initial 5G push, in recent years Chinese cloud service providers have experienced rapid growth, and are expected to more than double in size in the coming years. Chinese cloud providers are already operating in the United Kingdom, Japan, Australia, the Philippines and South Korea — all key U.S. allies. Chinese firms are making major inroads in developing nations across Southeast Asia, Latin America and Africa. And Saudi Arabia is now Huawei’s core data center for its cloud services in North Africa, the Middle East, and Central Asia.  

Beijing is directing massive amounts of top-down support to targeted strategic industries, including cloud computing. Their cloud providers are heavily subsidized by the government, allowing them to undercut competitors on price and expand their infrastructure globally. They are also leveraging their 5G wireless business to add cloud infrastructure to existing networks and data centers that are built for 5G, and then offering it to governments for a limited cost, as a recent CSIS report notes. Such measures are troubling because it helps cement China’s control over the entire information and communications technology space that enables access to a nation’s critical infrastructure. 

In Southeast Asia, for example, Alibaba, Huawei and Tencent run more availability zones than AWS, Google or Microsoft, with plans to invest hundreds of millions more in the region in the coming years. And in Latin America, Chinese cloud providers are growing at more than 60 percent per year, with Huawei Cloud customers in the region doubling in 2021 alone with two data centers in Mexico and others in Peru, Chile, Argentina, and Brazil. 

If this pace continues without urgent action to mitigate these threats, the U.S. could lose its leadership position on cloud in a matter of years, rather than decades. What is required is a whole-of-government response, similar to the effort deployed against Huawei 5G in 2019, to turn the tide before it is too late.  

The Commerce Department’s new measures to constrain China’s technological advancements in cloud through export controls are a good first step, yet they must go further with tightening of entity listing on specific providers, including Huawei and Alibaba.  

Additionally, to truly compete, a more robust “promote” strategy is needed to ensure the U.S. remains the global leader in cloud and to enable U.S. firms to compete against Chinese firms backed with large subsidies and seeking to undermine U.S. strategic interests. This means also being prepared to compete in countries and markets that may not be the most profitable for business, but are still critical for our national security. The U.S. and our allies cannot allow China to own the cloud infrastructure of the global south. 

The Biden administration must issue and implement a comprehensive U.S. cloud computing strategy that invests in trusted cloud infrastructure development and cloud security domestically and globally, to ensure that Chinese companies do not use unfair means to gain inroads and market share globally. This strategy should also be complemented by investments from Congress to secure our cloud infrastructure supply chains, including incentivizing the domestic production of GPUs and nearshoring such production with reliable countries. 

The U.S. government also needs to promote trusted digital infrastructure abroad to create alliances of digital trust. Just as the U.S. is working with other countries to secure semiconductor supply chains, it must work with like-minded partners to secure cross-border data flows, predominantly facilitated by trusted cloud infrastructure. This is an area where the Departments of State, Commerce and Defense, as well as the Office of the U.S. Trade Representative, the Development Finance Corporation, and other agencies, should advocate for a multilateral agreement with allied governments on a framework for trusted cloud infrastructure that can be reflected in national regulations.  

The U.S. government can help elevate these efforts by taking steps to train public officials in emerging markets on establishing government procurements practices and policies that require the use of trusted cloud infrastructure, including adoption and adherence to the OECD Principles on Government Access to Personal Data Held by Private Sector Entities. The Biden administration should also advocate with allies for multilateral development bank financing for secure digital infrastructure, including financing for operational expenditures for secure cloud services that meet the highest cybersecurity standards. 

Finally, the U.S. government should push back against foreign data localization efforts seeking to push out U.S. cloud service providers or give the Chinese firms an unfair advantage. Similar to how the administration has elevated the importance of using trusted telecommunications infrastructure and subsea cables with allies and partners, the same should be done with cloud. The silver lining is that the U.S. has an advantage with major U.S. cloud service providers being able to fill that need. And the administration should support U.S. cloud service providers’ inclusion in allied and partner digital infrastructure. 

The U.S. is still fighting a battle on 5G infrastructure in the developing world. If we do not move swiftly to secure our leadership position on cloud computing, we risk waking up in a few years and wondering how we allowed the same thing to happen all over again. As cloud companies race falling under the sway of Mainland China’s regime build cloud infrastructure around the world, the U.S. must better position itself to lead in cloud services, or risk losing our technological edge over China. 

Adm. Mark Montgomery (Ret.) is senior director of the Center on Cyber and Technology Innovation at the Foundation for Defense of Democracies. Eric Sayers is a nonresident fellow at the American Enterprise Institute.