China’s Rare Earths 2.0

Governments of liberal democracies have finally woken up to the threat of the Chinese Communist Party’s control of rare earths, which are vital for everything from military applications and aircraft to electronics and clean energy. Yet governments and industry remain oblivious to an equally serious, if not broader, dependency: on Chinese CIMs.

CIMs — or cellular IoT modules — are about the size of a thick credit card. They contain processors, memory, antennae and an e-sim to link them to the internet. They are, in effect, the gateway to connected systems that ensure that modern products function. Logistics, manufacturing systems, agricultural machinery, vehicles and telecommunications, to name a few, rely on them to transmit, process and update data. Latest estimates project that by 2029, CIM connections will exceed 6.4bn. Welcome to the internet of things.

A modern car is a good example. It is a computer on wheels, relying on constant data transfers. The CIM ensures, for example, that the car detects an errant cyclist or avoids a pothole.

A powerful dependency

Today, China is the source of around 69 per cent of global CIM shipments, which is a proxy for CIM connections. Its government seeks to dominate and eventually monopolise this crucial sector. It is driving out western competition through subsidies and other support. Already western players are being sold to Chinese competitors (Sierra Wireless of Canada sold its automotive CIM production line, ultimately to Fibocom), or shutting their CIM division (u-Blox of Switzerland).

Given the crucial importance of CIMs to most economic activity, a CCP monopoly would create a more powerful dependency than on rare earths. In today’s age of economic coercion, the party could leverage it in many ways: “Western government, we don’t like your Taiwan policy, nor trade policy or national security exclusions. Please think again, or the supply of CIMs will dry up.”

But it gets worse. CIMs themselves require regular so-called “firmware over the air” updates. This is what’s behind US government concerns about the likes of Chinese cranes, connected vehicles, routers and payment terminals. Because monitoring every Chinese company update to its CIMs is not possible, the door is open to the introduction of malware that can be exploited at a future time of geopolitical tension.

Why would the CCP ever fight the US and its allies, when it can simply turn them off by rendering their grids, pipelines, payment systems and other critical national infrastructure inoperative? As Microsoft has revealed, the Chinese have already spent five years mapping out US and other countries’ critical infrastructure (an operation dubbed Volt Typhoon) and embedding viruses to be activated during crises.

There’s already evidence that data exfiltration has occurred. I hear from government sources that the government car that the UK security services took apart in 2022, because data was passing through the CIM to China, belonged to the prime minister. Perhaps you don’t mind the data from your mobile phones or speech from your car going to China. But information from government officials, military and other sensitive personnel should not.

The three threats

Awareness of this “rare earths 2.0” threat is growing, but slowly. In January the US government put Quectel — one of the industry’s biggest players — on its 1260H list, which identifies Chinese military firms subject to heightened national security. This is a signal that more restrictive action may be imminent. But Chinese companies are taking prophylactic action, attempting to sidestep such restrictions by metastasising to form US or European companies, which are still owned by China, or by establishing joint ventures.

This metastasising — it is indeed a cancer — does not diminish the three threats of dependency, denial of service (the notorious kill switch) or data vulnerability. As in the case of TikTok and ByteDance, there is no way that Chinese CIM manufacturers are going to hand over their algorithms to foreigners, allowing them to break away and compete. That means that the technology and the “firmware over the air” updates remain Chinese, even those delivered by a joint venture.

The good news is that there are trusted, non-Chinese CIM manufacturers, which could easily increase production. But first, governments must exclude the threat of Chinese CIMs from our systems (just as the Chinese — sensibly — exclude foreign CIMs). Then financiers would back these trusted suppliers, knowing that they would not be undercut by subsidised Chinese competitors. The alternative is to create a “rare earths 2.0” threat. Have we not already learned that lesson?

Charlie Parton spent 22 years of his 37 year diplomatic career working in or on China, Hong Kong and Taiwan. In his final posting he was seconded to the EU Delegation in Beijing, where, as First Counsellor until late 2016, he focussed on Chinese politics and internal developments, and advised the EU and Member States on how China’s politics might affect their interests. In 2017 he set up his own consultancy, China Ink, and was chosen as the UK Parliament’s Foreign Affairs Committee Special Adviser on China; he returned to Beijing for 4 months as Adviser to the British Embassy to cover the Communist Party’s 19th Congress.