China s Cybersecurity Challenges and



Similar documents
Cyber Diplomacy A New Component of Foreign Policy 6

the Council of Councils initiative

China s Perceptions of Cybersecurity

The main object of my research is :

Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28),

RUSSIA CHINA NEXUS IN CYBER SPACE

DECLARATION STRENGTHENING CYBER-SECURITY IN THE AMERICAS

Thank you for your very kind introduction.

peace, Security and Development in BRICS

Keynote. Professor Russ Davis Chairperson IC4MF & Work Shop Coordinator for Coordinator for Technology, Innovation and Exploitation.

How CNCERT/CC fighting to Botnets. Dr.Mingqi CHEN CNCERT/CC March 31, Beijing

(U) Appendix E: Case for Developing an International Cybersecurity Policy Framework

NATIONAL CYBERSECURITY STRATEGIES: AUSTRALIA AND CANADA

Executive Director Centre for Cyber Victim Counselling /

Cybersecurity. Canisius College

Panel 3: Applicability of International Law to Cyberspace & Characterization of Cyber Incidents

Policies and Practices on Network Security of MIIT

Cybersecurity Global status update. Dr. Hamadoun I. Touré Secretary-General, ITU

Research Note Engaging in Cyber Warfare

COURSE DESCRIPTION FOR THE BACHELOR DEGREE IN INTERNATIONAL RELATIONS

working group on foreign policy and grand strategy

Honourable members of the National Parliaments of the EU member states and candidate countries,

Dear Delegates, It is a pleasure to welcome you to the 2016 Montessori Model United Nations Conference.

Statement for the Record. Richard Bejtlich. Chief Security Strategist. FireEye, Inc. Before the. U.S. House of Representatives

General Assembly. United Nations A/66/359

Nixon s Foreign Policy

Cyber Security Strategy of Georgia

SUSTAINABLE DEVELOPMENT, POVERTY AND THE ENVIRONMENT: A CHALLENGE TO THE GLOBAL COMMUNITY

Cyber Security Strategy

Testimony of Matthew Rhoades Director Cyberspace & Security Program Truman National Security Project & Center for National Policy

REGULATIONS FOR THE DEGREE OF MASTER OF INTERNATIONAL AND PUBLIC AFFAIRS (MIPA)

Confrontation or Collaboration?

A Reluctant Cyber Security Agreement between the US and China

Cyber Security Ultimately Is Military Security

ROAD TO NATO: SHARING INTEGRATION AND MEMBERSHIP EXPERIENCE ECONOMIC NATO

General Assembly. United Nations A/69/723

The Implication of TMD System in Japan to China s Security

CERT Collaboration with ISP to Enhance Cybersecurity Jinhyun CHO, KrCERT/CC Korea Internet & Security Agency

Online International Interdisciplinary Research Journal, {Bi-Monthly}, ISSN , Volume-III, Issue-IV, July-Aug 2013

ORGANISATION FOR ECONOMIC CO-OPERATION AND DEVELOPMENT

ESTABLISHING A NATIONAL CYBERSECURITY SYSTEM IN THE CONTEXT OF NATIONAL SECURITY AND DEFENCE SECTOR REFORM

Anonymous CPS 182s 9/20/2003. ISP-3: The Rise of the Internet Service Providers

DIGITAL AGENDA FOR LATIN AMERICA AND THE CARIBBEAN (elac2018)

S. ll IN THE SENATE OF THE UNITED STATES

22 ND ANNUAL MEETING OF THE ASIA-PACIFIC PARLIAMENTARY FORUM RESOLUTION APPF22/RES 01

Ensuring protection European Union Guidelines on Human Rights Defenders

Cyber Security Recommendations October 29, 2002

FOSTERING DIALOGUE AND MUTUAL UNDERSTANDING

Assessment of the terror threat to Denmark

GLOBAL CONFERENCE ON CYBERSPACE 2015 CHAIR S STATEMENT

Summary Overview: US National Security Strategy May 2010

DIGITALEUROPE and European Services Forum (ESF) response to the Draft Supervision Rules on Insurance Institutions Adopting Digitalised Operations

As global mobile internet penetration increases the cybercrime and cyberterrorism vector is extended

Research Project RM Assumed role of India in the international community in the short and medium

The development of Shinawatra University s international graduate program in joint public and business administration (PBA)

CYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE PERIOD

A COMPREHENSIVE INTER-AMERICAN CYBERSECURITY STRATEGY: A MULTIDIMENSIONAL AND MULTIDISCIPLINARY APPROACH TO CREATING A CULTURE OF CYBERSECURITY

GRADUATE INSTITUTE OF INTERNATIONAL AFFAIRS AND STRATEGIC STUDIES

UN Emergency Summit on Cyber Security Topic Abstract

Cyber Security Strategy for Germany

OECD Council Recommendation on Principles for Internet Policy Making. 13 December 2011

CHINA AND THE END OF POVERTY IN AFRICA. towards mutual benefit?

Trading Forum 2013 Geneva, 12 th March 2013 Financial market regulation and commodity markets

The U.S.-China-Taiwan Triangle Relationship and American Domestic Politics.

Declaration of Principles of the World Summit. Tunis in 2005 adopted by Heads of States and Governments stated that:

Asian International Relations (POLS 244)

Cyber Stability 2015 Geneva, 09 July African Union Perspectives on Cybersecurity and Cybercrime Issues.

Une nouvelle gouvernance mondiale pour le développement durable. The Exhaustion of Sovereignty: International Shaping of Domestic Authority Structures

The Printing Press: A Vehicle for Modernity

THE FOREIGN POLICY OF MEXICO. Andres Manuel Lopez Obrador President For a Stronger and Better Mexico

INTERNATIONAL COOPERATION IN CRIMINAL MATTERS (Practical approach to certain issues which are not regulated by law and international treaties)

CYBER SECURITY THREATS AND RESPONSES

The UK cyber security strategy: Landscape review. Cross-government

How Effective are International Approaches for Global Cyber Security?

PEOPLE'S REPUBLIC OF CHINA. (New York, May 4, 2010) Please Check Against Delivery MISSION TO THE UNITED NATIONS

AN INSIGHT TO CYBER WORLD WITH PROF. MICHAEL E.SMITH

STATEMENT OF JOSEPH M. DEMAREST, JR. ASSISTANT DIRECTOR CYBER DIVISION FEDERAL BUREAU OF INVESTIGATION

GAO CRITICAL INFRASTRUCTURE PROTECTION. Significant Challenges in Developing Analysis, Warning, and Response Capabilities.

Dear Delegates, It is a pleasure to welcome you to the 2014 Montessori Model United Nations Conference.

While interagency education and training have long been staples of the intelligence and

Bangkok Declaration Synergies and Responses: Strategic Alliances in Crime Prevention and Criminal Justice

THE CULTURE OF INNOVATION AND THE BUILDING OF KNOWLEDGE SOCIETIES. - Issue Paper -

SUMMARY OF THE ESTONIAN INFORMATION SYSTEM S AUTHORITY ON ENSURING CYBER SECURITY IN 2012

Cyberspace Situational Awarness in National Security System

A Commander s Perspective on Building the Capacity of Foreign Countries Military Forces

AT A HEARING ENTITLED THREATS TO THE HOMELAND

The Senior Executive s Role in Cybersecurity. By: Andrew Serwin and Ron Plesco.

STATEMENT OF MR. THOMAS ATKIN ACTING ASSISTANT SECRETARY OF DEFENSE FOR HOMELAND DEFENSE AND GLOBAL SECURITY OFFICE OF THE SECRETARY OF DEFENSE;

Overview of the OECD work on transfer pricing

Transcription:

China s Cybersecurity Challenges and Foreign Policy Gao Fei For the People s Republic of China s first thirty years of history (1949-1978), Chinese foreign security policy focused mainly on protecting its sovereignty and preventing invasion. Since then, China has shifted its focus to economic development. While the rise of the information age and the modern technological revolution facilitated the country s transition, these shifts have also engendered new challenges. Cybersecurity is one such challenge, and has emerged as a major Chinese national security issue. Gao Fei is an Associate Professor and Director of Research at China Foreign Affairs University, and a Fulbright Scholar at the George Washington University. China is Increasingly Dependent on the Internet Internet penetration and use are growing rapidly in China. As of December 2010, China had 457 million Internet users, an increase of 73.3 million from the previous year. Overall Internet penetration has climbed to 34.3 percent of the population, an increase of 5.4 percent compared to the end of 2009. Broadband use is also growing quickly. By December 2010, China had 450 million broadband users (including DSL, cable, optical access, power line communication, Ethernet, and mobile broadband users), and 98.3 percent of the Chinese population used a broadband connection to access the Internet in the first half of 2010. 1 [185]

CHINA S CYBERSECURITY CHALLENGES AND FOREIGN POLICY Commercial Internet applications are also increasingly prevalent in China, which is pushing e-commerce development and changing users habits. In 2010, over 160 million Chinese consumers shopped online, an increase of 48.6 percent from the previous year. Online payment and e-banking users have reached 137 million and 139 million respectively, with annual growth rates of 45.8 percent and 48.2 percent from the end of 2009. 2 Chinese enterprises are increasingly dependent on the Internet for business development. As of December 2010, 94.8 percent of China s small to medium enterprises (SMEs) are equipped with computers, and 92.7 percent have some form of Internet access. Among China s larger enterprises, nearly 100 percent have some form of Internet access. 3 The PRC is still a developing country, and the information technology revolution is bringing critical development opportunities. Both the Chinese government and Chinese enterprises advocate Internet infrastructure construction. The Chinese government contends that informatization is the driving force behind worldwide globalization and China s urbanization. The information revolution has already made great strides in China over the past ten years. Ten years ago the Internet was nothing in China; now you can do nothing in China without the Internet. China s Vulnerabilities and Problems The Internet is a doubleedged sword. It creates new opportunities, but also brings new vulnerabilities and problems. China currently faces Ten years ago the Internet was nothing in China; now you can do nothing in China without the Internet. The Chinese government is also pushing Internet development by advocating efficient e-government at all levels nationwide. 1999 was the Year of E-Government. Since then, many different government departments and levels have established their own websites. 4 In addition to providing basic government services, E-Government also makes it easier for government departments and units to publish information and provide policy advice. China s E-Government drive is increasing not only governmental work efficiency, but also governmental transparency. severe cybersecurity challenges. China is currently one of the greatest victims of botnet attacks worldwide. A botnet is a group of computers infiltrated by a hacker and infected with malicious software, generally for the purpose of attacking other information systems. These botnets are distributed across the globe. In 2007 the Honeynet Project, an international security research organization, found the highest number of botnets in Brazil, followed by China, Malaysia, Taiwan, Korea, and Mexico. 5 The commandand-control servers directing these [186] Georgetown Journal of International Affairs

FEI International Engagement on Cyber machines were are located primarily in the United States, followed by China, Korea, Germany, and the Netherlands. By the close of 2007, Symantec identified around 3.2 million distinct bots worldwide. The largest numbers of botinfected computers are found in the United States (14 percent of total bots measured), followed by Germany (9.5 percent), and China (7.8 percent). Chinese websites are also vulnerable to malicious attacks. In September 2009, 3,513 websites were tampered with in China. Among those, 256 were government websites. The National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/CC) has detected over 140,000 Internet clients suffering from botnet infections; half of those are located in the Chinese mainland. According to China s Ministry of Public Security, Chinese websites, especially government websites (gov. cn), suffer outside hacking attacks at an average rate of nearly two thousand per month. 6 Although the above statistics were gathered by different countries and organizations, at different times, and using different methodologies, they all clearly demonstrate that China is facing very serious cybersecurity challenges across multiple fronts. Although all countries face cybersecurity challenges and vulnerabilities, China s problems are particularly acute. First, given the rapid growth of the Internet in China, officials who create and implement cybersecurity laws, regulations, and policies are finding it difficult to stay apace with the rate of change. These challenges are only increasing with the transition to highspeed broadband networks. Ongoing inter-departmental government coordination exists on matters of information security, risk assessment, standards development, product development, and the fight against online criminal activities. While such coordination has achieved positive results, there is no comprehensive national cybersecurity strategy to guide these efforts. Second, although the United States and other developed economies depend heavily on industry expertise and public-private cooperation to address their cybersecurity challenges, China s information and communications technology (ICT) enterprises are still relatively inexperienced. Not only does the Chinese government presently lack the expertise to deal with these new security challenges, but it also does not have strong private-sector partners with substantial industry experience. Prior to the age of Internet telecommunications, the government was responsible for security, and enterprises were responsible for production. The Internet has created a new scenario: network technology is innovating and evolving so quickly that the government cannot keep up with market demands and guarantee security without industry cooperation. Most domestic Internet enterprises in China are still relatively new private companies, and it takes time to develop the close public-private cooperation that is necessary for effective security in the post-broadband era. Third, all countries are currently struggling to find an acceptable balance between cybersecurity which generally requires some form of government oversight and personal data privacy as well as information freedom. China is no exception. Developing democ- [187]

CHINA S CYBERSECURITY CHALLENGES AND FOREIGN POLICY racy is an important goal for many people in China. In October 2010, Chinese Premier Wen Jiabao stated in a CNN interview: I believe I and all the Chinese people have such conviction that China will make continuous progress and the people s wishes and The absence of mutual trust magnifies the difficulties of cybersecurity cooperation among nations. need for democracy and freedom are irresistible I hope you will be able to gradually see the continuous progress of China. 7 While the government is the key force driving China s modernization, the Internet is driving the development of the mass media. For this reason, China s social elites pay particular attention to the diverse views and debates surrounding cybersecurity and information freedom issues. Some elites support strict Internet controls to protect national security; others emphasize protecting information freedom and encouraging technical innovation, similar to the U.S. approach. Even in the United States and European Union, both of which possess strong democratic institutions and value the free flow of information, leaders and members of the public alike are debating and weighing individual rights versus states security issues. Debating such issues openly is particularly difficult in China, a state that has yet to transition toward democracy and lacks open public debate on issues that the government deems sensitive. Fourth, lagging international cooperation in the cyber arena increases security challenges for all actors. The Internet has no borders, and thus no country can guarantee security on its own. The controllers of most of the botnets found in China were based abroad. Moreover, more than 80 percent of the cyber attacks targeting Chinese government websites came from overseas. 8 In this new environment, where actors can use information networks to attack one another across borders and without the knowledge of the host country, traditional political disputes among nations may give rise to new problems. For example, if an organization is considered a terrorist group by Country A but a legitimate human rights organization by B, country B may end up providing a base for this organization to attack the websites of Country A, subsequently leading to increased tensions among states. The absence of mutual trust magnifies the difficulties of cybersecurity cooperation among nations. China s Cybersecurity Foreign Policy China is a developing country, though after thirty years of reform and opening up to the outside world, China has experienced tremendous internal change. In particular, the rapid growth of China s economy and the country s growing ties with the rest of the world stand out as immensely important, and have led Chinese officials to gradually develop what they have dubbed as a New Security Concept. The basic [188] Georgetown Journal of International Affairs

FEI International Engagement on Cyber tenets of this New Security Concept are mutual trust, mutual benefit, equality, and consultation. 9 The New Security Concept takes a long-term view on security relations and respects other nations practical interests. It encourages nations to build trust through consultation and to protect national security by means of multilateral coordination. Specifically, the New Security Concept emphasizes multilateral ties, which stress the interdependence among nations in terms of security; multilateral cooperation, which replaces confrontation as the effective route to security; comprehensive security mechanisms that possess economic, technical, social, and environmental dimensions in addition to traditional military and political dimensions; and institution building as a legitimate means to enhancing security, rather than relying on use of the military. 10 The New Security Concept not only focuses on traditional security but also emphasizes non-traditional challenges. Cybersecurity is itself a non-traditional security challenge. The Chinese government has stated that [i]nformation security bears on international security and stability, as well as national economy and people s livelihood. Under the new circumstances with multiple security threats, rising non-traditional security factors and increasingly rampant international terrorism activities, information security has become an important issue in the field of international security. 11 China is continuously developing new laws, regulations, and technical standards to deal with new cybersecurity challenges. At the same time, China maintains that all states must bear responsibility for appropriately addressing issues of information security and stability, since enhanced cybersecurity serves a common global interest. China therefore advocates bilateral and multilateral international cooperation for addressing these mutual challenges. U.S.-China cybersecurity cooperation dates back to 9 June 1999. Professor Wu Shizhong, Director of the China National Information Security Testing Evaluation and Certification Center (CNISTECC), told U.S. embassy officials that his government was willing to cooperate with the United States on cybersecurity issues. He stated that the CNISTECC would welcome any information concerning Chinese hacker attacks against U.S. targets, because China and the U.S. should cooperate on information security matters. 12 Chinese and U.S. research institutes have now already established institutional cooperation. China founded the National Computer Network Emergency Response Technical Team/Coordination Center of China (CNCERT/ CC) in October 2000. 13 Its main task is to coordinate China s nationwide Computer Emergency Reaction Team (CERT) operations to deal with online emergencies, to provide technical and service assistance, and to organize international cooperation with similar agencies. Under the banner of its proposed East-West Institute, CNCERT has already brought together Chinese and American experts for an Institution on Sino-U.S. Cyber Security Dialogue. As of June 2010, these experts have met on three separate occasions. China and the United States are also launching intergovernmental communication meetings and dialogues on cybersecurity issues. The PRC also supports multilat- [189]

CHINA S CYBERSECURITY CHALLENGES AND FOREIGN POLICY eral cybersecurity cooperation. Officials believe that the United Nations is the appropriate forum to address information security issues. China supports the UN General Assembly and the UN Group of Governmental Experts on Information Security continuing their comprehensive indepth studies on threats and challenges in the field of information security. It also supports their goal of developing reasonable and feasible measures within the context of international security and arms control. 14 In sum, cybersecurity has emerged as an important issue in the field of international security. All countries face the same basic vulnerabilities in cyberspace. Security dilemmas may lead to a cyber arms race and to deteriorating security of cyberspace. Humankind has already suffered two World Wars and a Cold War in the last century. Such historical tragedies demand that states discard a zero-sum game mentality. Enhancing cybersecurity serves the common interest of all countries and is also the common responsibility of the individual states. The global cybersecurity challenge could provide opportunities to promote international coordination, to better coordinate the activities and interests of governments and private sector, and to intensify communication among technological and service departments and ministries. Chinese leaders believe that as long as all countries acknowledge existing problems and demonstrate the political will to address them, the international community can arrive at a consensus regarding the appropriate means to deal with threats and challenges in the field of information security. 1 China Internet Network Information Center (CNNIC), Statistical Report on Internet Development in China, Internet, http://www1.cnnic.cn/ uploadfiles/pdf/2011/2/28/153752.pdf, 3-5 (date accessed: (29 April 2011). 2 Ibid, 42. 3 Ibid, 61. 4 All Chinese E-Government websites are located at http://www.grchina.com. 5 Markus Koettner, Know Your Enemy: Tracking Botnets, Internet, http://www.honeynet.org/ papers/bots/ (date accessed: 13 May 2011). 6 Paper of New Culture, Internet, http:// news.163.com/10/0201/01/5udbqdi20001124j. html (date accessed: 25 April 2011). 7 Tanya Branigan, Wen Jiabao talks of democracy and freedom in CNN interview, The Guardian, Internet, http://www.guardian.co.uk/world/2010/ oct/04/wen-jiabao-china-reform-cnn-interview (date accessed: 27 April 2011). NOTES 8 http://www.ln.xinhuanet.com/itpd/2010-11/12/ content_21379793.htm. 9 Cong Peng (Ed.), Comparative Studies: Security Concepts of Great Powers, (International Affairs Publishing House: 2004); 267-268. 10 Meng Xiangqing, Shanghai Five Regime: Successful Practice of New Security Concept, PLA Daily, [Jiefangjun Bao], 12 June 2001. 11 Information Security, Ministry of Foreign Affairs of the People s Republic of China, Internet, http://www.fmprc.gov.cn/eng/wjb/zzjg/jks/kjlc/qtwt/ t410768.htm (date accessed: 1 May 2011). 12 China: Information Security, A June 1999 report from U.S. Embassy Beijing, Internet, http:// www.fas.org/nuke/guide/china/doctrine/infscju99. html (date accessed: 30 April 2011). 13 The website for National Computer Network Emergency Response Technical Team/Coordination Center of China is www.cert.org.cn. 14 See note 11 above. [190] Georgetown Journal of International Affairs

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information