The Huawei Paradox: cyber-risks in a deteriorating geopolitical climate

Updated: Feb 24

One firm has become emblematic of risk in the deteriorating geopolitical contest between the United States and China. Huawei is a national champion of China’s emerging technology sector but is feared by the US and some of its allies as a potential vector of cyber-attacks including espionage and sabotage. In a world of connected technology, the paradox is that in the absence of trust and international cooperation, firms such as Huawei cannot disprove worst-case risk scenarios. The logic of the Huawei paradox threatens decoupling and bifurcation of the world into two rival technological systems, with repercussions for international security, international relations and the international economy. A political risk analysis and assessment concludes that the risks originate from geopolitical factors rather than factors specific to the firm or country of operations and can therefore only be resolved (if there is political will) at the level of global governance with enforceable rules, norms and standards and at the level of national governance with risk avoidance or risk management and mitigation measures.


The extraordinary case of Huawei, a world-leading private sector firm from China, and the United States (US) government campaign to remove the firm from global supply chains, is playing out as a critical case in the deteriorating geopolitical contest between the two major powers. The trajectory of the Huawei story remains uncertain at the time of writing, but it raises a paradox that warrants further investigation – that, in an absence of trust and international cooperation, firms such as Huawei cannot disprove fears of worst-case scenarios of malicious cyber activity. The logic of this paradox leads to the inevitable debate, currently underway, about decoupling between China and the US and bifurcation of the world into two rival technological systems. Accepting the limitations of analysing a contemporary case – with results yet to be seen – this paper applies a political risk framework in seeking to understand the issues and their implications for governments, firms and communities.

After four decades of economic modernisation, China’s economy is transitioning from a high-growth phase of low-cost manufacturing and capital investment to a new phase of demand-driven, higher value production, seeking to avoid the so-called middle-income trap. The vibrant private sector-dominated southern city of Shenzhen, a traditional base for economic reform and opening, has become a hub for technological innovation and is home to tech innovators such as Tencent, DJI, ZTE and Huawei. The government’s so-called “Made in 2025” strategy to become more self-reliant and a globally competitive leader in new technologies, including mobile telecommunications, artificial intelligence and quantum computing, has been met with alarm in the US and Europe, which have traditionally enjoyed technological dominance (Zenglein & Holzmann, 2019). In recent years, as US President Trump launched a trade war with China, accusations were commonly levelled that Chinese firms were engaging in cyber-espionage and hacking to steal corporate secrets (RWR Advisory Group, 2019). The risks became heightened as new high-speed connectivity and transportation capabilities of Fifth Generation (5G) communications networks promised in the near future to transform the application of big data and artificial intelligence, joining up not only information but an “internet of things” driving devices such as autonomous vehicles and even including weapons.

Huawei Technologies Co. Ltd., one of China’s leading telecommunications firms and a global leader in 5G, has been singled out in recent years, as both a competitive threat to other industry players and as a claimed cyber-security risk. The firm is certainly a major competitive threat to the US aspirations to maintain technological dominance. Over decades, Huawei invested in a massive research and development effort to achieve its market-leading position. Like other globalised Chinese firms, it became deeply embedded in international supply chains, partnering with firms and governments around the world, developing national broadband infrastructure and other communications network and consumer products and services.

Huawei has long been considered a national security risk by the security establishment of the US and some of its allies because of the military background of its founder, Ren Zhengfei, and other staff links to state security services (Balding, 2019), although no evidence has been presented publicly of widely-repeated claims that Huawei has facilitated espionage. In turn, Huawei has consistently denied the claims.

In August 2018, Australia became the first country to effectively ban Huawei from supplying a 5G network on national security grounds, after previously excluding Huawei from developing its national broadband network and from laying a broadband cable between Australia, Solomon Islands and Papua New Guinea. The decision attracted international attention, because Australia had for many years been one of the most economically integrated G20 economies with China, enjoying a massive trade surplus, while at the same time being a staunch US ally. The decision was reportedly based on an intelligence assessment that Chinese firms could theoretically be required by the Chinese government to compromise Australia’s 5G network (Hartcher, 2018; Hunter, 2019; McKenzie & Galloway, 2020) and that Australia was incapable of mitigating risks of implanted network coding or equipment backdoors that could threaten critical infrastructure (Bryan-Low, et al, 2019; McKenzie & Galloway, 2020). The head of the Australian Signals Directorate’s signal intelligence and offensive cyber missions, Simeon Gilding, noted trust had been eroded by recurrent Chinese hacking of foreign networks, including in Australia (Gilding, 2020).

Following the Australian decision, the US administration stepped up its campaign against Huawei. In May 2019, the US Commerce Department placed Huawei on a trade blacklist, including restricting access to US components, citing national security concerns (Lim & Ferguson, 2019). Despite Huawei’s 5G leadership, the US move demonstrated its asymmetric market power because of its continued technological superiority in advanced semiconductors and computer chips, on which firms such as Huawei depend (Fernandes, 2019). The move forced Huawei to replace US-sourced components, which it had initially achieved by the end of 2019 by sourcing components from non-US suppliers, but its inability to license popular US applications such as those previously sourced from Google caused a fall in Huawei mobile phone sales in Western markets (Whalen & Fifield, 2019).

In a dramatic episode in December 2018, the US requested Canada to arrest and detain Huawei’s Chief Financial Officer, Meng Wanzhou, while she transited Vancouver airport, travelling between Hong Kong and Mexico. The US sought her extradition for fraud, charging that Meng covered up attempts by Huawei entities to evade US sanctions against Iran. The personalised action against Meng (who happened to be founder Ren’s daughter) suggested an element of geopolitical theatre. Targeting a senior executive is a highly unusual action and, indeed, numerous US and other international firms have been pursued for violating US sanctions against Iran but senior executives have not typically been arrested or taken into custody (Sachs, 2018). The drama continued with China detaining two Canadians, Michael Kovrig and Michael Spavor, on spying charges, in what appeared to be alarming tit-for-tat punishment of Canada. Further, in 2019, Huawei was charged by the US with stealing intellectual property (Department of Justice, 2019).

The campaign continued in phases to pressure Huawei, while escalating a tense geopolitical confrontation with China. In early 2020, the US government provided US$1 billion for telecommunications carriers to “rip and replace” Huawei and ZTE equipment from US networks (Heater, 2020). In May 2020 the US Department of Commerce introduced new requirements for foreign chip makers that use US technology to apply for a licence to sell chips to Huawei, then a few months later closed that loophole altogether, in a further squeezing of Huawei’s supplies of advanced semiconductors (Li, Cheng & Yu, 2020; Department of Commerce, 2020).

Then the Trump administration’s economic coercion was matched with a new ideological “clean” versus “dirty” narrative. In August 2020, the US government unveiled its so-called “Clean Network”, an alliance of “trusted” countries and firms committed to removing “authoritarian malign actors, such as the Chinese Communist Party” from their cyber supply chains (Department of State, 2020). It was accompanied by a range of measures securitising tech supply chains such as increased investment in strategic research and development to compete with China, a fund for re-shoring semiconductor manufacturing to the US and a $60 billion International Development and Finance Corporation to encourage developing countries not to buy from Chinese suppliers (Capri, 2020). Moves were even made by the Trump administration to ban popular Chinese app WeChat and to force the sale of another popular app TikTok to a US company, although at the time of writing the outcome was unclear.

Despite the US campaign against Huawei, the firm nevertheless continues – at the time of writing – to be an attractive partner to a wide range of governments, firms and consumers across much of the world because of its technological leadership and cost competitiveness. Huawei has partnerships with more than fifty international carriers to provide 5G network equipment and services (Pham, 2019). In the advanced market of Europe, there is a highly competitive environment between Huawei, which is recognised as the leader in 5G network technology and the lowest cost supplier, and Ericsson, which is considered by many in the industry to provide higher quality. Huawei has won contracts to supply half of the 5G network in Germany and Spain, while on the other hand Ericsson has won contracts in Norway and Hungary (Fletcher, 2019).

Both Germany and the United Kingdom (UK) planned to proceed with Huawei for non-core components of their 5G networks despite confidential US security briefings (Ikenson, 2019; Perez, 2019; Mikhailova, 2020), although after the US extended its sanctions on Huawei the UK announced it would delay its 5G rollout and phase out all Huawei equipment by 2027 (Dowden, 2020). UK intelligence agencies have scrutinised Huawei, which allows full examination of its hardware and software products by local security experts at a jointly-managed cybersecurity evaluation centre. While the centre reported technical issues of concern in Huawei’s engineering processes, it did not believe these were the result of Chinese state interference (Soo & Zhang, 2020).

In the developing world, no countries have been willing – so far – to give up the option of utilising Huawei, despite US pressure, although India is expected to do so. Huawei has been a longstanding provider of wireless networks (from 3G to 4G) and other services and products from countries of Asia Pacific to Africa (Gu, 2019). Huawei has also been a key actor in China’s so-called “digital silk road” partnerships utilising concessional finance to aid developing countries in building satellite, underwater and terrestrial communications networks and so-called “safe cities” utilising artificial intelligence technology for facial recognition. While the latter projects are ostensibly aimed at improving public safety and crime detection, such as in Huawei’s home city of Shenzhen where authorities claim more than one million surveillance cameras have helped solve 80 percent of criminal cases (Zheng, 2019), these programs have also been accused of exporting the Chinese “surveillance state” model (Dirks & Cook, 2019; Hillman & McCalpin, 2019). Critics point to risks that Huawei and its Chinese partner firms are establishing infrastructure that could provide the Chinese government access to data from foreign countries, extending Chinese governance models and enabling authoritarian surveillance and social control (Polyakova, 2019). Huawei has even been accused of providing intercepted data to African governments to spy on, locate and silence political opponents (McMaster, 2020).


A political risk framework is utilised in the discussion below, including (as recommended by Sottilotta, 2017): risk identification, risk analysis, risk assessment and, finally, an outline of risk management approaches. Political risk is traditionally understood in international business literature to be concerned with comprehending, forecasting and responding to “macro” and “micro” non-economic discontinuities, such as socio-political, cultural or other factors in the external environment that impact on international actors (Robock, 1971). Macro factors are commonly identified at the country level, sometimes described as the “catalogue school” (Jarvis, 2008), because such an approach tends to generate a list of salient factors in the national governance environment that generate risks, from policy instability to corruption and law and order issues. Micro factors are usually understood to be those that are generated by a particular firm or a particular project (Alon & Herbert, 2009). In all cases, a risk indicates a likelihood of an event or process that can be identified, understood and managed or mitigated (Fägersten, 2015), even if there will always be uncertainty about factors that can inevitably be perceived subjectively (Kobrin, 1979).

There is a further category of political risk that is expected to be relevant to this case: geopolitical risk. This is a term traditionally applied to measurable conflicts or other events or processes disrupting international peace and security such as, for example, Russia’s hybrid warfare tactics in Ukraine or the destruction caused by international terrorism (Wernick, 2006). More particularly for this discussion, geopolitical risk has also been understood as describing the effects of major power competition, but it has usually been represented in positivist, zero-sum surveys of “objective” factors such as competition for resources, ports and industrial regions (Sykulski, 2014). Whether the US campaign against Huawei can be reduced to a zero-sum attempt to squeeze out a geopolitical rival, or whether it raises more complex questions including technological security, remains an unanswered question. The claimed risks, however, certainly arise because of the geopolitical contest between the US and China.

Political (or geopolitical) risk can be assessed quantitatively and qualitatively. International financial institutions, political risk advisory firms and scholars (such as Alon & Martin, 1998) have developed elaborate models with weightings for each risk and produce rankings for risk to provide general guidance for decision makers. This approach is applicable, for example, to predicting the likelihood of political instability or corruption in a particular business environment or for estimating effects of war or terrorism. However, many political (and geopolitical) risks are processes that are more usefully investigated qualitatively (Fitzpatrick, 1983). The evolving case of Huawei in the contemporary, deteriorating geopolitical climate, will be discussed here in qualitative terms. There is no consensus around the claimed risks, with competing narratives about international relations and subjective views about security, governance, economic and social implications.

Risk identification

Security risk/threat

The case of Huawei has become emblematic of deteriorating relations between the US (and some of its allies) and China, evoking fears of security threats embedded in national telecommunications networks connecting populations, devices and critical infrastructure. While the author has no access to US or other intelligence assessments, the claims on the public record that Huawei could be a vector for, firstly, cyber-attacks such as sabotage of critical infrastructure are very serious claims indeed. The claims indicate that, even if likely in only “worst case” scenarios of major power confrontation or conflict, a perceived cyber-attack risk exists, which could indeed constitute a security threat if actualised against strategic infrastructure or systems. Secondly, the espionage claims represent qualitatively different, although also serious, security questions. Even in “normal” conditions of geopolitical competition, without escalation to confrontation or conflict, states can be expected to engage in espionage, including cyber-espionage. Given the well-established evidence of sophisticated espionage by the US and its “Five Eyes” partners, it is highly likely that China would also utilise all available means to conduct espionage. Huawei’s widespread presence in international telecommunications networks therefore generates a reasonably-founded espionage risk although, as will be discussed below, no publicly-available evidence of such exists and the firm denies it would agree to government demands for spying. Thirdly, Huawei’s involvement in digital silk road partnerships between China and a wide range of developing country partners is claimed to generate a security risk that China will export its “surveillance state” model. Overall, the Huawei paradox raises considerable security risks.

International relations risk

The campaign against Huawei (on the basis that it is a Chinese, albeit private sector, firm) in itself potentially undermines international cooperation in developing rules, norms and standards for the digital economy. The US-led “Clean Network” seeks to decouple from Chinese supply chains and potentially divides the digital economy into at least two spheres of rules, norms and standards, just as China’s “Great Firewall” had already driven a wedge in the global internet. Weakened international cooperation will in turn undermine global governance institutions which might otherwise build and sustain rules, norms and standards to reduce cyber risks for governments, firms and communities. Further, the demarcation of the digital economy into US-led and China-led spheres risks enhancing the foreign influence of these major powers over other states within their spheres, including not only favouring firms originating in each major power but increasing the likelihood states may be influenced to support their major power partner on other matters from international rule-making to targeting firms (or even individuals representing firms) from third countries. Overall, the Huawei problem poses serious challenges to international relations.

Economic cooperation risk

Huawei is a stark example of the risk of economic coercion by a major power, with the US targeting a private sector firm and wielding a range of state measures to constrain the firm in international markets. In the absence of evidence on the public record of any wrongdoing (although, to be sure, potential risks), the action sets an alarming precedent for how economic coercion may be deployed by major powers against other international firms as the geopolitical climate continues to deteriorate. It increases the likelihood of counter-measures and therefore generates risks for a wide range of other international firms. The implications of the actions against Huawei transmit throughout global supply chains, with all international firms that supply Huawei impacted by US executive and legislative restrictions and liable to sanction for not conforming. As noted above, the result may ultimately be decoupled supply chains, which would generate adjustment costs as well as long term costs of duplicating and in some cases sourcing from higher cost suppliers. Firms on both sides will lose access to valuable markets. The Huawei dilemma poses serious questions about future international economic cooperation and is a risk to globalisation processes.

Identified risks

Security (threat)

1. Cyber-attack risk

2. Espionage risk

3. Surveillance state risk

International relations

1. Rules/norms risk

2. Institutional risk

3. Foreign influence risk

Economic cooperation

1. Coercion risk

2. Supply chain risk

3. Globalisation risk

Risk analysis

Security risk/threat

The central security concern rests upon a theoretical proposition that Chinese technology underpinning international communications systems could be weaponised by the Chinese state. The US and its allies, amongst others, distrust the authoritarian Chinese party state and fear its growing technological and military capabilities. Despite being a private firm, observers note Huawei could be co-opted to serve the national security objectives of the Chinese government and forced to facilitate espionage or cyber-attacks (Gilding, 2020). Article 7 of China’s National Intelligence Law of 2017 is particularly cited, which requires that Chinese firms and their employees cooperate with national intelligence agencies lawfully carrying out their work (Girard, 2019). The US government has equivalent powers (Eisenstein & Halpert, 2018).

The risk of espionage would appear on the face of it to be realistic. After all, it is well documented, including in the Snowden and WikiLeaks revelations, that the US and its Five Eyes (Australia, Canada, United Kingdom and New Zealand) partners similarly engage in espionage (Snowden, 2019), including co-opting Apple, Facebook, Google and other firms to collect data (Biddle, 2020). There is no reason to believe China is not doing the same, regardless of the geopolitical climate and regardless of standard government denials. The perennial risks of espionage raise highly technical questions about capabilities of detection and protection. These are relevant questions not only in relation to Huawei, but for all telecommunications systems and the complex global supply chains for equipment and software.

The risk of cyber-sabotage is much more dependent on the state of the geopolitical climate. In a state of contest, confrontation and potential conflict, there is a risk that technically undetectable malicious code or “kill switches” are implanted into 5G networks, which could be used for cyber-attacks on critical infrastructure. Such aggressive actions might have been less likely during previous years when the US and China and other countries were cooperatively engaged in building interdependent economies. Indeed, Huawei has been intent on building its international reputation as a trusted provider of state-of-the-art technology and it would appear to be self-defeating to allow itself to be used as a platform for hostility against its customers. In the new era of geopolitical competition however, featuring new flashpoints of confrontation, economic decoupling and more aggressive positioning by both the US and China, the risks become more likely that firms such as Huawei (or indeed firms on the US side) might be co-opted or compromised for more aggressive security operations. This is not a risk specific to the firm, but a risk of hostile state action.

Looking forward, the security of 5G networks will become even more important for the connected technologies of the future. Indeed, risks will not only be generated by major power geopolitical contest but governments will also need to protect against cyber-attack from other states, terrorist organisations or rogue individuals. Whether Huawei can be enlisted as a partner in protecting against such risks, or whether it is a vector of risk, will depend upon normative perspective. Further, countries along the so-called digital silk road that are cooperating with Huawei to build “smart city” infrastructure may see more opportunities than risks, while observers from liberal democracies will be concerned about how such infrastructure might in turn be used for surveillance and social control. Whether China is exporting authoritarianism along its digital silk road rests upon the question of agency. How safe city or other programs are deployed by host governments is, at the end of the day, a matter for them rather than China (Weiss, 2019). After all, US, European and Japanese firms also export facial recognition technology that could be used to target groups or individuals but are not accused of exporting authoritarianism. This underlines the normative bias that runs through most of the narratives about Huawei.

International relations risk

The Huawei case exposes a critical gap in global governance. Inadequate rules, norms, standards and institutions exist to manage risks of globally interconnected technology. The international community is ill-prepared for the implications of the so-called “fourth industrial revolution” of big data, artificial intelligence and an internet of things, composed of connected devices and networks. The digital economy has emerged at a time of unipolarity in the international system and a weakening commitment from the US, as the dominant power, towards multilateralism. In the early stages of the digital economy, US firms such as Facebook and Google wielded significant, largely unregulated power. While the internet evolved with some private sector oversight of certain rules (such as domain names), it had no agreed set of international norms or standards and certainly no international enforcement. In the absence of rules, norms, standards and institutional enforcement, technologies generating risks have developed ahead of technical capabilities to manage those risks. Indeed, technical experts claim the complexity of telecommunications technology renders it impossible to guarantee against malicious code or backdoors in equipment (Lysne, 2018; Chang, 2020). Nevertheless, the risk of malicious action has not prevented the international community from developing – and abiding by – rules, norms, standards and institutions in numerous areas of strategic importance, from food safety to aviation. The lack of discussion about governance options for emerging technologies is therefore remarkable.

Governance of 5G telecommunications has become embroiled in the US-China geopolitical contest, as has governance of the internet. The US has opposed any expansion of the mandate of the International Telecommunications Union (ITU), one of the oldest international organisations, to govern digital communications. Meanwhile, China has developed a clear ambition to be rule-setter and norm maker in internet governance and cyber sovereignty (Schia & Gjesvik, 2017; Wang, 2020), as well as in other transformational technologies such as blockchain and its applications in finance, manufacturing, transport, food safety and public security (Cai, 2019; Stockton, 2020). Across its “digital silk road” partnerships with developing nations, China has promoted uniform standards for 5G rollout (consistent with those set by the ITU), as well as for artificial intelligence and satellite navigation systems (Chan, 2019). China will likely wield influence amongst its technological partners in the rules, norms and standards that will develop over time. China – together with firms such as Huawei – has been actively promoting its cyber governance model at World Internet Conferences, the ITU, the International Standardisation Organisation and the International Electrotechnical Commission and the two United Nations (UN) working groups, the Group of Governmental Experts and the Open-Ended Working Group. China can be expected to have the support of a significant number of developing countries.

While the US has begun to participate more actively in these forums in recent times, a fundamental clash of world views makes it unlikely consensus can be achieved. The Chinese government’s aims in cyber governance include maintenance of social stability and protection from foreign influence, deemed to require control of domestic information that is perceived as a threat to the regime. Consistent with its combination of Confucian cultural roots and Marxist-Leninist political ideology, the Chinese party state rules “by law”, in contrast with the liberal Western notions of “rule of law” and contested power. China’s approach to cyber governance is therefore focused on the state’s ability to control content, which includes network security, while Western approaches are focused on network security and not content. China proposes global standards for data security, while the US is moving to establish its so-called “Clean Network” to set standards amongst a set of “trusted” partners, which appears to ignore the global interconnectedness of supply chains and in particular data, with the emergence of cloud technologies and electronic commerce that rely upon free flow of data. China and the US also take opposing positions on governance of cyber-warfare capabilities, with China supporting (publicly at least) a UN-supervised ban, while the US prefers the status quo in which it can continue to develop its capabilities (McCarthy, 2019).

The Huawei paradox, combined with the politics of fear and blame during the Covid-19 pandemic of 2020, has amplified the different approaches of the US, with its lack of a governance framework for data security and opposition to multilateral solutions, and China, with its Cyber Security Law and support for global cyber governance. It appears the law of the cyber jungle will persist at the global level while, as will be discussed below, the European Union (EU), with its comprehensive Cybersecurity Act, General Data Protection Regulation (GDPR) and Directive on Security of Network and Information Systems (NIS), models at a regional level the most advanced attempt at rules, norms and standards to guide cyber risk management.

Economic cooperation risk

The denial of supply of advanced semiconductor chips to Huawei by the US appears likely to reinforce China’s geopolitical fears of containment and indeed historic memories of dismemberment by outside powers. Consequently, it can be expected to drive China to double down on its strategy for not only self-reliance and alternative sources of supply but indeed dominance in next generation technologies. It may take some years, but China can be expected to develop a semiconductor industry to rival the US in time. While it is impossible to prove a counterfactual, it has been suggested by Kennedy (2020) that a more “principled interdependence” between US and Chinese supply chains rather than decoupling might have sustained US semiconductor leadership, slowed China’s technological advance and offered opportunities for joint work on risk management. Coercion has been chosen over cooperation in what may yet prove to be a turning point in the deteriorating geopolitical contest between the US and China, which was being extended to impact new firms and new industries at the time of writing.

The economic costs of excluding Huawei alone are considerable. A Huawei-commissioned Oxford Economics report (2019) predicted that restricting Huawei from competitive tenders will lead to increased 5G investment costs of between eight percent and 29 percent over a decade and would have a cost to GDP in 2035 from $2.8 billion in Australia to $21.9 billion in the US. For US semiconductor firms, the export controls on sales to Chinese buyers constitute a major risk to their global business strategies. In a survey of exports in the first four months of 2018, Capri (2018) found Qualcomm relied on China for 60 percent of revenue, Micron over 50 percent and Broadcom about 45 percent. A Boston Consulting Group report forecast a full decoupling with China would reduce the US chip sector revenue by 37 percent and lower its market share to 30 percent, while China’s market share would rise from three percent to 31 percent (Varas & Varadarajan, 2020). Further, as the geopolitical climate worsens, there is a risk that China will retaliate against US or allied firms. The Chinese government has reportedly drawn up plans to target so-called “unreliable entities”, such as Fedex, which it is alleged allowed shipments of weapons to Hong Kong and mainland China and diverted US packages addressed to Huawei (Wu, 2020). Any tit-for-tat economic coercion between China and the US will pose significant economic risks for third parties if it escalates, as expected, to include more expansive export controls, prosecutions of technology theft and restrictions on joint research and development with Chinese partners (Thomas-Noone, 2020).

Farrell & Newman (2019) coined the phrases “weaponised interdependence” for this phenomenon of a state deploying economic coercion to leverage its asymmetrical power over a global network and “chokepoint effect” to deny network access to an adversary. Now that the US has set the precedent in its campaign against Huawei, how else the tactic might be deployed is not yet clear, with fears in China, for example, that the US could target international payments through its SWIFT system (Zhao, 2020). To be sure, once the process is initiated against a firm or a sector, entire supply chains will be disrupted. The consequent evolution of a new global economy that moves away from market-led globalisation towards state-led spheres of geopolitical influence is uncertain at this point but 2020 may yet turn out to be a tipping point towards a much more geopolitically-infused international business environment. Geopolitical risk analysis is likely to receive much more attention in international business literature.

Risk assessment

The assessment of security, international relations and economic cooperation risks for 5G networks must be made in the context of not only contemporary international relations but over the life of such networks. This means planning for scenarios, including worst case scenarios. The theoretical capability for cyber-attack, for example, might not be a serious risk in some scenarios, but might become a threat in worst case scenarios in which the major powers are escalating confrontation or engaged in conflict. Following his Huawei ban, Australian prime minister Malcolm Turnbull observed “it’s important to remember that the threat is a combination of capability and intent. Capability can take years or decades to develop … but intent can change in a heartbeat” (Bourke, 2019). The Australian government clearly assessed the risk could become a threat, and therefore adopted a strategy of risk avoidance by banning Huawei altogether. Based on distrust of the Chinese party state, the logic of this strategy would be to avoid all critical supply dependencies on China, which has indeed become a common rallying call within the US and some of its allies since.

Any qualitative assessment of risks must take into account two key concepts, likelihood and consequence. The type of political risk will depend on whether the factors generating the risk arise at the firm level, the country level or as a result of the geopolitical environment. Huawei as a firm has been assessed to pose security risks because of the nature of the Chinese party state and the risks are therefore China risks, or geopolitical risks, rather than specific to the firm itself. Equally, the international relations risks that are generated by the case appear to be not simply because of Huawei itself but arise from the diverging interests of the US and China, characterised in particular by the lack of global governance rules, norms, standards and institutions, which have been established and maintained in other sectors, as noted above, from aviation to food security. Further, in relation to economic cooperation risks, Huawei again appears to be simply the trigger case for an emerging trend in the new geopolitical contest for the US and China to deploy economic coercion, to reconfigure supply chains and indeed to reshape globalisation according to geopolitical agendas and, consequently, abandoning the neoliberal and internationalist market-led phase of globalisation that characterised previous decades.

Accordingly, the Huawei case can be assessed as a prime example of geopolitical risk and can therefore only be understood in the context of the international relations, security and consequent economic policies of the major powers. Suppliers and partners of Huawei and indeed any strategically important firms from China or the US must therefore plan to manage geopolitical risks in the current environment. There has traditionally been very little cross-fertilisation between business literature on political risk and international relations literature (Fägersten, 2015), yet this discussion demonstrates that risks for governments, firms and communities in the Huawei case are entirely bound up in questions of international relations and will require new approaches to risk management.

Risk management

Ideally, risk management in matters of security, in particular, should take a “zero trust” approach that is blind to suppliers and that applies layers of monitoring and testing for vulnerabilities, as threats could actually come from anywhere – not just one particular geopolitical competitor at any one time. Equally, risk management, whether in relation to security, international relations or economic cooperation risks, should ideally take place within established internationally agreed rules, norms and standards, as well as institutions for enforcement. In the new technologies, however, the US laissez-faire approach has dominated, although as discussed below the EU has introduced sophisticated regulations to protect against cyber risks that may provide a way forward.

Nevertheless, the risk of a major power acting to weaponise interdependence has now been demonstrated by the US campaign against Huawei and it is equally conceivable that China, too, could weaponise interdependence in the new technologies in which it leads. Neither major power is solely at risk here and both have the capacity to generate risks. Other states will therefore make a proportionate risk assessment in relation to Huawei with an eye to the geopolitical environment, including in which context cyber and other risks are likely and in which context they would be of high consequence. Governments will also factor into their assessments whether subsequent actions are likely to impact on trust and cooperation with other countries, including both China and the US. In the absence of global rules and norms to build confidence in international cooperation and to minimise risks in 5G, governments must also build their technical capabilities to monitor and mitigate identified cyber risks. The technologies, including equipment, software and updates, are however so complex that it is simply not possible for technical monitoring to have any level of certainty that it will detect kill switches or malicious code, in particular if they have been implanted by the supplier (Lysne, 2018).

The interplay between security and economic factors such as supply chains and trade and investment policies must also be weighed as part of any risk assessment and development of a risk management strategy. An EU coordinated risk assessment (European Commission, 2020) noted that the technological change represented by 5G will increase the overall attack surface for potential cyber threats, across networks and in software development and update processes, as well as in relation to reliance on network operators and their role in the supply chain. Without naming Huawei, it drew particular attention to the importance of the individual risk profile of suppliers and the increased risk of dependency on a single supplier.

For governments that assess likely and consequential cyber risks but elect not to follow the Australian example of complete risk avoidance, capabilities must be developed or sustained to manage and mitigate identified risks. In the absence of global rules and norms, this remains an area of uncertainty and diversity in policy development, as well as in technical capacity-building. Each state will have sensitive assets and vulnerabilities and will need to ensure that it has regulatory, monitoring and technical capabilities to protect against risks to those sensitive assets and vulnerabilities. State security agencies need to develop and deploy extremely high system security strategies for cyber risk assessment and mitigation in an increasingly complex environment of global supply chains, involving thousands of actors and sources of software code. Further, to protect citizens from the risks posed by both Chinese and US firms, states will need data protection capabilities, with regular audits of data collection processes by international firms, ideally overseen by independent regulators.

It is unclear to what extent states are ready for the new cyber world.

The EU has become a leader in grappling with the new cyber-risk management challenges. Indeed, the EU has significant norm-setting power because of its highly developed system of international harmonisation across all sectors of the economy, and its capabilities to manage risk in the digital economy may yet provide a model for others. It has introduced cybersecurity standards, including the GDPR to safeguard data integrity. The EU toolbox of risk mitigating measures includes strengthened regulatory powers and technical improvements to improve security of 5G networks and equipment, including restricting “high-risk” suppliers (originating in countries without democratic checks and balances) from providing core network assets and diversification of vendors to avoid dependency on one supplier. Further, it recommends strengthening local EU capacities to supply 5G and post-5G technologies (European Commission, 2020). The provisions restricting core network services recognise that control of the core network is more valuable for espionage than non-core components, the latter only providing access in local areas (Taylor, 2020).

There is however a danger in Europe, unlike the US, that telecommunications providers have neglected their capabilities to manage their own networks, often outsourcing to equipment vendors, including Huawei. Relying on Huawei to monitor cyber risks that some claim emanate from or through Huawei would appear to be unwise. Governments taking a risk management approach need to require service providers to maintain full service technical expertise and comprehensive security capabilities, and to ensure they maintain reliable monitoring capabilities, or to develop automated solutions (Hubert, 2020).

Diversification of the supply chain offers an important risk mitigation measure. If at some time in the future, a particular supplier is identified as constituting a likely and consequential risk, it will be less costly to avoid risk if a diversity of suppliers is available and already present in the market. Nevertheless, as in most industry sectors, telecommunications supply chains are highly globalised and it is not only Chinese firms that source components from China, so it should be expected that governments will seek to diversify entire supply chains over time if they remain concerned about cyber risks emanating from China in particular. Equally, economic coercion risks emanating from the US export controls on its advanced semiconductors will force countries and firms not part of the US-led “Clean Network” to source new suppliers and to develop new supply chains, as is already underway (Capri, 2020). A proposed Open Radio Access Network model may offer a future opportunity to allow multiple vendors to operate 5G services interchangeably, without one firm providing all of the infrastructure, but the model is as yet unproven.

To mitigate risks of espionage, encryption can be employed. Control over data integrity can also be strengthened (although not guaranteed) by requiring that data is stored within national borders rather than exported to other jurisdictions. China mitigates cyber risks (from, for example, the US) by requiring that all data storage is held within China’s national borders and is subject to its domestic cyber security legislation. To mitigate against cyber-attacks, duplication of critical functionality is one option, although costly, to allow for an alternative network to replace a compromised network (Lysne, 2018). For those governments that can afford it, highly sensitive networks, such as emergency services and national security, can be maintained independently, although this also is an expensive option.

Finally, national governments have a widely-recognised power to regulate trade and investment on national security grounds and this provides potential, although unexplored, opportunities in this case. Instead of a ban, for example, a government could approve a foreign supplier but only on the condition that it forms a new, domestically-based joint venture with a domestic firm that has adequate monitoring capabilities to mitigate cyber risks. Huawei has offered to license its technology to US firms (Friedman, 2019) and presumably could be required to do so by other jurisdictions, with national firms building and operating the network, with rewritten source codes, inspections of equipment and software and other processes to meet national security requirements. Huawei has already moved to manufacture 5G network equipment in France for the European market (Huawei, 2020).


The new technologies of the fourth industrial revolution are generating a whole new set of geopolitical risks. While Nye (2011) predicted cyber power would be more diffused than other forms of power, just as earlier observers expected of the information revolution, the shape of the world emerging in the 2020s remains the domain of the nation state. The dominant power, the US, is determined to maintain its position, including resisting global governance in cyber governance and in wielding the power of the state against the claimed risks of Huawei. Meanwhile, China is developing powerful cyber-capabilities to match its growing economic power and is seeking to set the agenda in global governance, yet it is deeply distrusted amongst liberal democracies in particular. In a rapidly deteriorating climate of geopolitical contest, confrontation and even conflict are no longer out of the question. Risks of cyber-espionage and sabotage, as well as weaponization of information and artificial intelligence, therefore become assessed by states as realistic security threats. No rules or institutions exist to sanction rule-breaking or to rebuild confidence and trust. At the time of writing, it would appear the world is headed towards a spiral of decoupling strategically important supply chains and the potential construction of two rival systems, one led by the US and one by China.

Even in a decoupled world, security risks will remain and there is an urgent need for more technical research on risk management capabilities. At the national level, precautionary measures and enhanced risk management strategies are essential. These are likely to remain highly contested matters for some time to come.

To date, the digital economy has generated natural monopolies that control vast amounts of data, extract value and gather more and more power. These monopoly actors are now the largest firms in the world, and most originate from the US. The lack of governance of the digital economy raises a broader range of risks than China alone. Decision makers have failed to date to comprehensively grapple with the new rules that may be needed to reduce the risks of these natural monopolies seizing more power over governments, the economy and individuals.

The Huawei debate is not simply about the rise of one firm from China to threaten US supremacy. Huawei is a proxy for fear of China itself, its likely future capabilities and possible intentions. Whether China acts according to high risk or threat scenarios is, of course, heavily contingent on the state of the international system and whether it descends into conflict or whether international cooperation can be maintained.

The US and some of its allies appear to so deeply distrust China that they are unwilling to attempt to find new international rules, norms, standards and institutions to govern the new digital economy. We should be careful what we wish for. By branding China as an unacceptable risk and decoupling from its world-leading firms, rather than developing risk management strategies and systems of international cooperation, we may reinforce China’s historical geopolitical fear of encirclement, and over time encourage its government and firms to behave in exactly the way we fear. Or, if the worst-case scenario analysts are correct, we could be headed in that direction anyway.

The Huawei paradox is therefore more than simply a problem of international business but represents a crisis of international relations, driven not only by trust in a supply chain, but the larger questions of whether it is possible to build processes of engagement, co-existence, norms, verification and enforcement to maintain international peace and security.

Originally published in Wirtschaft und Management, December 2020


Alon, I., & Herbert, T. (2009). A stranger in a strange land: Micro political risk and the multinational firm. Business Horizons (52): 127-137.

Alon, I., & Martin, M. (1998). A normative model of macro political risk assessment. Multinational Business Review. Retrieved from

Balding, C. (2019). “Huawei Technologies’ links to Chinese State Security Services”. SSRN. Retrieved from

Biddle, S. (2020). “The Filthy Hypocrisy of America’s ‘Clean’ China-Free Internet”. The Intercept. Retrieved from

Bourke, L. (2019, March 6). “Turnbull warns Brits about letting Huawei build 5G network”. The Age.

Bryan-Low, C., Packham, C., Lague, D., Stecklow, S., & Stubbs, J. (2019). “Special report – hobbling Huawei: Inside the U.S. war on China’s tech giant”. Reuters. Retrieved from

Cai, J. (2019, December 2). Will the China of tomorrow run on the technology behind bitcoin? South China Morning Post. Retrieved from

Capri, A. (2020). COVID-19 impact on business: will the pandemic trigger more state intervention in business strategies? Hinrich Foundation. Retrieved from

Chan, J. (2019). All may not be smooth along China’s digital silk road. The Interpreter. Retrieved from

Chang, G. (2020). The Great US-China Tech War. New York, NY: Encounter Books.

Department of Commerce. (2020, August 17). “Commerce Department Further Restricts Huawei Access to U.S. Technology and Adds Another 38 Affiliates to the Entity List”. Press release. Retrieved from

Department of Justice. (2019, January 28). “Chinese Telecommunications Device Manufacturer and its U.S. Affiliate Indicted for Theft of Trade Secrets, Fraud, and Obstruction of Justice”. Justice News. Retrieved from

Department of State. (2020, August 11). “The Clean Network Safeguards America’s Assets”. Fact Sheet. Retrieved from

Dirks, E., & Cook, S. (2019). China’s Surveillance State has Tens of Millions of New Targets. Freedom House China Media Bulletin, 139. Retrieved from

Dowden, O. (2020, July 14). Huawei to be removed from UK 5G networks by 2027. Press release. Department for Digital, Culture, Media & Sport/National Cyber Security Centre. Retrieved from

Eisenstein, I., & Halpert, J. (2018). “Data protection, privacy and security alert”. DLA Piper. Retrieved from

European Commission (2020). Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions: Secure 5G deployment in the EU – implementing the EU toolbox. Brussels. Retrieved from

Fägersten, B. (2015). Political risk and the commercial sector - aligning theory and practice. Risk Management, 17(1).

Farrell, H. & Newman, A. (2019). Weaponized Interdependence: how Global Economic Networks Shape State Coercion. International Security, 44 (1).

Fernandes, C. (2019, October 1). “What’s at stake in Trump’s war on Huawei: control of the global computer-chip industry”. The Conversation. Retrieved from

Fitzpatrick, M. (1983). The definition and assessment of political risk in international business: a review of the literature. The Academy of Management Review, 8(2), 249-254. Retrieved from

Fletcher, B. (2019, December 13). “Telenor ditches Huawei, taps Ericsson for 5G RAN in Norway”. Fierce Wireless. Retrieved from

Friedman, T. (2019). “Ren Zhengfei’s Interview with New York Times Op-Ed Columnist Thomas L. Friedman”. Retrieved from

Gilding, S. (2020). 5G choices: a pivotal moment in world affairs. The Mandarin. Retrieved from

Girard, B. (2019). The real danger of China’s national intelligence law. The Diplomat. Retrieved from

Gu, L. (2019). China’s Huawei, AU sign MoU to strengthen technical partnership on ICT. English China News Service (ECNS). Retrieved from

Hartcher, P. (2018, September 24). How China is driving Australia and Trump into each other’s arms. The Sydney Morning Herald. Retrieved from

Heater, B. (2020, February 28). “Senate passes ‘rip and replace’ bill to remove old Huawei and ZTE equipment from networks”. TechCrunch. Retrieved from

Hillman, J. & McCalpin, M. (2019). Watching Huawei’s ‘safe cities’. Center for Strategic & International Studies. Retrieved from

Hjortdal, M. (2011). China’s Use of Cyber Warfare: espionage meets strategic deterrence. Journal of Strategic Security, 4 (2). Retrieved from

Huawei. (2020, February 27). “Huawei announces it will open manufacturing plant for wireless products in France”. Press Release. Retrieved from

Hubert, B. (2020, January 20). “5G: The outsourced elephant in the room”. Retrieved from

Hunter, F. (2019, June 12). New communications minister denies Huawei ban will hurt Australia’s 5G rollout. The Sydney Morning Herald. Retrieved from

Ikenson, D. (2019, July 5). “Blacklisting Huawei could cost trillions, so let’s look before we leap”. China-US Focus. Retrieved from

Jarvis, D. (2008). Conceptualizing, analyzing and measuring political risk: the evolution of theory and method. Lee Kuan Yew School of Public Policy Research Paper Series LKYSPP08-004.

Kennedy, S. (2020). Washington’s China Policy Has Lost Its Wei. CSIS Briefs. Center for Strategic & International Studies. Retrieved from

Kobrin, S. (1979). Political risk: a review and reconsideration. Journal of International Business Studies, 10, 67-80.

Li, L., Cheng, T. & Yu, Y. (2020, August 19). “How a handful of US companies can cripple Huawei’s supply chain”. Nikkei Asian Review. Retrieved from

Lim, D. & Ferguson, V. (2019). Huawei and the decoupling dilemma. The Interpreter. Lowy Institute. Retrieved from

Lysne, O. (2018). The Huawei and Snowden Questions. Can Electronic Equipment from Untrusted Vendors be Verified? Can an Untrusted Vendor Build Trust Into Electronic Equipment? Fornebu, Norway: Simula Research Laboratory/Springer Open. Retrieved from

McCarthy, S. (2019, September 30). “Could China’s strict cyber controls gain international acceptance?” South China Morning Post. Retrieved from

McKenzie, N., & Galloway, A. (2020, January 31). “The man who stopped Huawei: a former spook speaks out”. The Sydney Morning Herald. Retrieved from

McMaster, H. (2020). “How China Sees the World”. The Atlantic. Retrieved from

Mikhailova, A. (2020, January 13). “United States presents Britain with fresh intelligence on Huawei risks in last-ditch attempt to block deal”. The Telegraph. Retrieved from

Nye, J. (2011). The Future of Power. New York, NY: Public Affairs.

Oxford Economics/Huawei. (2019). Restricting Competition in 5G Network Equipment: An Economic Impact Study. Retrieved from

Perez, B. (2019, January 28). “UK approves Huawei’s restricted use in 5G networks, handing lifeline to Chinese telecoms giant”. South China Morning Post. Retrieved from

Pham, S. (2019, December 5). “Huawei sues US government over new FCC restrictions”. CNN Business. Retrieved from

Polyakova, A. (2019, December 17). Rules Based Audio [Audio podcast]. Lowy Institute. Retrieved from

Robock, S. (1971). Political risk: identification and assessment. Columbia Journal of World Business, 6 (4), 6-20.

RWR Advisory Group. (2019). Assessing Huawei Risk: how the track record of the CCP should play into the due diligence of Huawei’s partners and customers. Retrieved from

Sachs, J. (2018, December 11). “The War on Huawei”. Project Syndicate. Retrieved from

Schia, N., & Gjesvik, L. (2017). China’s cyber sovereignty. Norwegian Institute of International Affairs Policy Brief 2. Retrieved from

Snowden, E. (2019). Permanent Record. New York, NY: Henry Holt and Co.

Soo, Z., & Zhang, J. (2020, April 13). “Cybersecurity at Top of Huawei’s Agenda as Europe Decides on 5G Infrastructure”. South China Morning Post. Retrieved from

Sottilotta, C. (2017). Rethinking political risk. New York, NY: Routledge.

Stockton, N. (2020). “China Launches National Blockchain Network in 100 Cities”. IEEE Spectrum. Retrieved from

Sykulski, L. (2014). Geopolitical risk in the analysis of international relations. European Journal of Geopolitics, 2, 132-144. Retrieved from

Taylor, M. (2020, January 28). “Why the UK is right to use Huawei 5G technology”. Verdict. Retrieved from

Thomas-Noone, B. (2020). Tech Wars: US-China Technology Competition and What it Means for Australia. US Studies Centre. Retrieved from

Varas, A., & Varadarajan, R. (2020). How restricting trade with China could end US semiconductor leadership. Boston Consulting Group. Retrieved from

Wang, Y. (2020). Upholding Multilateralism, Fairness and Justice and Promoting Mutually Beneficial Cooperation. Keynote speech at the International Seminar on Global Digital Governance. Beijing. Retrieved from

Weiss, J. (2019). A world safe for autocracy? Foreign Affairs. Retrieved from

Wernick, D. (2006). Terror incognito: international business in an era of heightened geopolitical risk. In Suder, G. (Ed.), Corporate strategies under international terrorism and adversity (pp. 59-82). Cheltenham, UK: Edward Elgar.

Whalen, J., & Fifield, A. (2019, December 12). “China’s Huawei may need two to three years to recover from U.S. trade ban, CEO says”. Washington Post. Retrieved from

Wu, W. (2020, June 13). “Why China did not retaliate after latest US move to target Huawei”. South China Morning Post. Retrieved from

Zenglein, M., & Holzmann, A. (2019). Evolving made in China 2025: China’s industrial policy in the quest for global tech leadership. Mercator Institute for China Studies. Retrieved from

Zhao, C. (2020, June 30). Using SWIFT settlements to threaten China will backfire. Global Times. Retrieved from

Zheng, W. (2019, November 1). “China’s Shenzhen is using big data to become a smart ‘socialist model city’”. South China Morning Post. Retrieved from
