China s Perceptions of Cybersecurity

Transcription

1 China s Perceptions of Cybersecurity Wang Peiran Interest and research in cybersecurity issues began in China in the 1980s. In April 1987, retired Major Shen Weiguang published the essay The Harbingers of Information Warfare, where he introduced his ideas on information warfare. 1 In 1987, the Chinese government established the Center for InfoSec Studies 2 and Service, which is the main Chinese cybersecurity agency, and the National Information Center. This article explores China s approach to cybersecurity, and specifically its infrastructure for dealing with cybersecurity threats, the role the Internet has played in changing traditional Chinese norms, and the obstacles to Chinese cooperation with the rest of the world in the field of cybersecurity. In order to successfully confront the challenges of cybersecurity it is imperative that China increase its engagement on both a domestic and international level. Wang Peiran has been a visiting researcher at the Center for Economic Law and Governance, Vrije Universiteit Brussel, Belgium, since September He most recently published A Tough Sell: Overcoming the EU Arms Embargo in China Security, and has been interviewed by China Daily and People s Daily, the official newspaper of the Communist Party of China. His research interests cover security studies and international relations theory. Chinese Infrastructure/Bureaucracy/Domestic Strategy for Cybersecurity. Herbert S. Lin, Chief Scientist at the Computer Science and Telecommunications Board at the National Academy of Sciences argues, information technology is seen as a threat to the regime, because [35]

2 CHINA S PERCEPTIONS OF CYBERSECURITY it provides perspectives beyond the control of the party. 3 Due to these fears, China focuses on protecting critical national infrastructure and controlling the flow of information online. China has invested in its infrastructure and in national policies for cybersecurity. In China, there are sixteen departments handling cybersecurity issues. Departments are either specialized or comprehensive. Specialized departments are similar to functional bureaus China has also developed policies that address cybersecurity. In May 2006, the General Office of the CPC Central Committee and the State Council issued the State Informatization Development Strategy: (SIDS). This makes substantially improving national information security a strategic objective. In the twelfth edition of the Five-Year Plan (FYP), the document charting China s national priorities for a five-year interval, the The government has sought to create a balanced approach to cyber policy, ensuring military preparedness and strategic necessities. and regulate solely within their specific area. These departments include the Information Office of the State Council, the Ministry of Culture, the State Administration of Radio Film and Television (SARFT), the Ministry of Education, the Ministry of State Security (MSS), and the Administration for the Protection of State Secrets (APSS). Comprehensive departments create guidelines for national cyber policy. There are two comprehensive departments : the Ministry of Industry and Information Technology (MIIT) and the Ministry of Public Security (MPS). 4 In addition to these departments, in September 1999 the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) was established. This body, which answers to the MIIT, handles cyber crises. 5 6 This shows that MIIT is the critical agency in China s domestic strategy of cybersecurity rather than the Ministry of State Security. CPC Central Committee explains how information security can be achieved. The Committee stresses the importance of information security in military development and made cybersecurity a national priority. These documents demonstrate that China views cybersecurity as a multi-dimensional problem, involving both military and civilian agencies. The government has sought to create a balanced approach to cyber policy, ensuring military preparedness and strategic necessities. While building an infrastructure and introducing policies on cybersecurity is a good start, more remains to be done. Although different agencies exist, there is no clear mechanism for inter-agency cooperation in the event of a cyber attack. The government needs to develop not only the necessary technology for dealing with a public cyber emergency, but also a national policy for coordinating government policy and a platform for contradiction between [36] Georgetown Journal of International Affairs

3 PEIRAN International Engagement on Cyber 2012 contradicting viewpoints. There is no evidence, however, of a commitment to such a policy by the country s leadership. According to Ning Jiajun, a member of the Advisory Committee for State Informatization and Information, a lack of coherent leadership, organization and coordination is a serious challenge to China s cybersecurity development. 7 In addition to policy, new legislation on cybersecurity is urgently required. In March 2012, Mr. Xu Long, Deputy to the National People s Congress (NPC), pointed out there is no coherent information security law. The functions of existing laws and regulations are unclear, inefficient, and contradictory. He concludes that the laws needs to be clarified with regards to legislative aim, sphere of application, conceptual framework scope, supervisory administration, protection for system computer information, internet information service, e-business security, information, and legal responsibility (civil, administrative, and criminal). 8 The Implications of Cyber on China s Social Transformation. Since the late 1970s, China has experienced profound social transformations that threaten traditional culture and ideology. The economic boom of the last thirty years has brought in more stakeholders in the policy-making process. The party leadership is now forced to consult private businesses, state-owned enterprises, the military, and others. Technology has introduced new forms of media into the country. Social media and the resulting increased transparency have reduced corruption and created a platform for confrontation between contradicting viewpoints. The role technology plays in reducing corruption has been acknowledged by Chinese authorities in The Internet In China, a report issued by the Chinese government in June 2010: In order to facilitate the public s reporting of corrupt and degenerate officials, the central discipline inspection and supervision authorities, the Supreme People s Court, the Supreme People s Procuratorate and other relevant bodies have set up informant websites. The informant website of the CPC Central Commission for Discipline Inspection and the Ministry of Supervision and the website of the National Bureau of Corruption Prevention are playing an important role in preventing and punishing corruption and degeneration among officials. According to a sample survey, over 60 percent of netizens have a positive opinion of the fact that the government gives wide scope to the Internet s role in supervision, and consider it a manifestation of China s socialist democracy and progress. 9 The Internet has made it increasingly difficult for any one actor to dominate political discourse. The debate between nationalism and liberalism in China is exemplary of the growing diversity of opinion in China and can be attributed at least in part to the increased access to the Internet. In 1996 the book China Can Say No: the Political and Emotional Choice in the Post-Cold War was published. The book was a nationalist diatribe against the West, and, at that time, few [37]

4 CHINA S PERCEPTIONS OF CYBERSECURITY books with alternative viewpoints were published. Thirteen years later, a new nationalist text, China Is Not Happy: Epoch Times & Great Goals and Our Troubles at Home and Aggression from Abroad, was published. But in the same month, Who Are Unhappy in China: Three Cyber Swordsmen, which supports universal values, was published. This book challenges the narrow vision of the nationalist texts. The Internet has facilitated liberalism and universal values that challenge the traditional nationalist discourse to enter Chinese society more easily. Chinese elites, who have greater access to these discussions of liberal and universal values in cyber space, will play key roles in developing civil society and working towards democratization. This new political discourse in China has led to the acceptance of the importance of the freedom of speech and the protection of human rights in China s intellectual communities. China and International Cooperation. Considering the transnational character of cyber warfare and the importance of non-state actors in the Post-Cold War world, international cooperation on cybersecurity should be premised on the basis of global governance. As an emerging power, China should take a leading role in cooperating with relevant stakeholders to help establish international norms and oversight bodies. To date, however, China s engagement in this area has been minimal as a result of its diplomatic promise of respecting national sovereignty, the mutual-distrust between China and the West, and the threat to the social order presented by freedom of speech. Since its founding, the principles of respecting national sovereignty and non-interference have been central to PRC s diplomacy. In the post-cold War period, China s ability to act in international forums has been constrained by this emphasis on state sovereignty. China has found it difficult to collaborate with the international community on cybersecurity issues because international treaties formed on the basis of universal values challenge the traditional Chinese view of sovereignty. Despite the end of the Cold War, China s relationship with the West remains mixed. From the Chinese perspective, the Western community s focus on human rights constitutes a potential and practical threat to the survival of the CCP and the stability of China s society. Many in China s leadership consider the Internet to be a tool for western intervention. This fear is tied to the Chinese perception of sovereignty. Simultaneously, the West is concerned about China s capacity for cyber espionage and information warfare. Unrestricted Warfare, published by two PLA Air force officials, is a good example of the mistrust between the Chinese and Western communities. The quick success of the U.S. military in the 1991 Gulf War surprised PLA leaders and revealed the massive capability gap between the conventional armed forces of the United States and China. Coupled with tension in the Taiwan Strait throughout the 1990s, the incidental Belgrade embassy bombing in 1999, and the Hainan Island Incident on 1 April 2001, the PLA began to see the United States as a potential future military adversary. Asymmetric warfare was considered by the authorities the only solution to closing the capability gap. [38] Georgetown Journal of International Affairs

5 PEIRAN International Engagement on Cyber 2012 reluctance results in more criticism and so the spiral continues. This cycle, reminiscent of the security dilemma witnessed during the Cold War, will promote rising conservative nationalism in China, which will be a further obstacle to cooperation. Thus China s participation in international talks on cybersecurity is mutually beneficial for China and other key stakeholders. It will be important to emphasize building a consensus between Chinese and Western values. This consensus is the social and intellectual basis of international cooperation between China and the Western stakeholders. Unrestricted Warfare demonstrates the PLA officials intentions to win any future conflicts in an asymmetric way, not an intention to engage in unrestricted cyber warfare at present. At the same time, the gap in technological capabilities between China and the West results in China s rejection of international cooperation. Zhang Yongfu, a professor at the PLA Information Technology University Committee declared the core technology is monopolized [by the West], especially in areas of national and military security, which cannot be imported or bought. Hence, we must build [a] robust base of core technology with our [own] intellectual property, master fate in our hands. 10 But all key stakeholders should play a role in building the institutional framework for transnational cybersecurity policy. Once China is accepted internationally, it will comply with the rules and norms. China s access to the international nonproliferation regimes is an excellent example. If China were excluded from the Nuclear Non-Proliferation Treaty, the EU s and U.S. s debates over nonproliferation and related issues with China would be more difficult than at present. If criticism against China pervades, China will be reluctant to play a role. This In developing international cybersecurity norms it will be important to emphasize building a consensus between Chinese and Western values. This consensus is the social and intellectual basis of international cooperation between China and the Western stakeholders. To promote China s engagement in international-regime building, a multi-track dialogue mechanism should be established, including official, academic, and civilian channels. Through academic exchange, the Chinese intelligentsia comes to understand Western perceptions and accept Western values. These intellectual leaders are then able to exert influence on policy-makers in Beijing. Conclusion. China has engaged in cyber research since the 1980s but much more remains to be done at both a domestic and international level for China to successfully confront cyber- [39]

6 CHINA S PERCEPTIONS OF CYBERSECURITY security attacks. First, China needs to develop inter-agency policy for its sixteen departments to coordinate with each other in the event of a cyber attack. Second, it needs to develop legislation that addresses cybersecurity needs. Third, it needs to participate in international talks on cybersecurity. China has benefited from the peaceful international environment since the end of the Cold War. New transnational security challenges require more coherent international cooperation outside the bounds of normal national security perceptions and interests. China must place more emphasis on improving transnational security cooperation. By engaging in the rule-making process, China will earn considerable goodwill and protect its strategic interests. 1 Shen Weiguang, The Harbingers of Information Warfare, Newspaper of the People s Liberation Army, 17 April The term InfoSec or Information Security is the synonym for cybersecurity in Chinese discourse. 3 Brigid Granman, Cyber-security: The Vexed question of global rules, February 2012, Internet, mcafee.com/us/resources/reports/rp-sda-cyber-security.pdf (date accessed: 7 October 2012). 4 Wei Liurong, Wang Rong, The Analysis of China s Internet Management System, China New Telecommunication (Zhongguo Xin Tongxin), 18 November National Computer Network Emergency Response Technical Coordination Center of China (CNCERT or CNCERT/CC), Internet, cert.org.cn/publish/main/34/index.html. 6 (date accessed: 7 October 2012). NOTES 7 Zhang Zhiyu, Huangkai, The Present Status of InfoSec in China (Zhongguo Xinxi Anquan Xianzhaung), Chinese Information Community (Zhongguo Xinxijie), No. 8, Zheng Jiaxin, Zhang Peifa, XU Long Suggests Legislation of InfoSec and Electronic Payment, 4 March 2012, GB/70731/ html (date accessed: 7 October 2012). 9 The Information of Office of State Council, The Internet in China, white paper, 8 June 2010, Internet, (date accessed: 7 October 2012). 10 Cheng Xiangran, Master the Strategic Highland of Cyber Security (Zhangwo Wangluo Anquan Zhanlue Xin Gaodi), PLA Daily, 2 February 2012, htm (date accessed: 7 October 2012). [40] Georgetown Journal of International Affairs