Chapter 3 The US and China on Cybersecurity: One issue, two different approaches 26
3.2 The evolution of the concept of Cybersecurity
3.2.2 China’s approach to Cybersecurity
“Without cybersecurity, there is no national security; without informatization, there is no
modernization” (没有⽹络安全就没有国家安全,没有信息化就没有现代化) stated President
Xi Jinping to the news agency Xinhua. The Chinese government perceives software from the western countries as a threat to the national security of China, therefore its use domestically is highly regulated, proof of this is the expulsion of Google and other US made technologies from China.
‧
國
立 政 治 大 學
‧
N a
tio na
l C h engchi U ni ve rs it y
In the case of China, the ministries responsible for cyber-security policies are those that are already dealing with more general security issues, such as Ministry for Public Security (中 华
⼈民共和国公安部 ) responsible for the areas of cybercrime and infrastructure security. The Ministry for Industry and Informatization (中华 ⼈民共和国⼯业和信息化部) which coordinates cooperation with the private sector. The General Staff Division of the People’s Liberation Army (中国⼈民解放军总参谋部) that mainly provides information about cyber attacks. Figure 3.5 shows more in-depth the key actors in cybersecurity policies in China.
Figure 3.5. Key Actors in Cybersecurity Policies in China.
Adapted from "Cyber security in China: New political leadership focuses on boosting national security..” By Hauke Gierow and Leah
‧
國
立 政 治 大 學
‧
N a
tio na
l C h engchi U ni ve rs it y
The Chinese government has taken concrete efforts to enhance its cybersecurity, in order to create a more centralized body to control the cyber related issues, in 2014, founded the Central Cyber Security and Informatization Leading Group (中央⽹络安全和信息 化领导⼩组), in which the head of the Organization is Xi Jinping himself. This group focuses on cyber issues in almost all its aspects, from economic, political, cultural and even military issues. It is a breaking point in Chinese history regarding cybersecurity, the news agency Xinhua categorized it as “an important step” in the Chinese efforts to create a national strategy regarding cybersecurity and informatization. President Xi pursues this strategy by focusing on two main aspects: Developing technology and ensuring cybersecurity
This Group brings high ranking officials together with representatives of ministries such as the Ministry of Finance, Education, and Culture as well as the National Development and Reform Commission. This Group is not an executive entity but develops the guidelines for China’s cybersecurity policies and works close to the State Council Internet Information Office.
The Leading Group, according to Xinhua acknowledges that China is a major victim of cyberattacks, saying that for example in the case of 2013, nearly 900,000 individual IP addresses suffered attacks from foreign viruses.
Until the creation of the Leading Group, the responsibility regarding cybersecurity in China was divided among many departments within the Government, so one of the goals in creating the Leading Group was to unify efforts by top-level guidance. It aimed to “establish a strong and authoritative mechanism at the central level” to deal with China’s cybersecurity. The Leading Group, besides of taking care of external threats, also regulates the domestic content of
‧
國
立 政 治 大 學
‧
N a
tio na
l C h engchi U ni ve rs it y
China’s Internet in order to create what President Xi described as “an essential prerequisite for overall security”
The issue of cybersecurity has been present in the Chinese legislation for more than fifteen years, the first Chinese cybersecurity strategy was developed in 2013 by the National Coordination Small Group for Cyber and Information Security (全国⽹ 络与信息安全协调⼩
组).
Historically, we can trace China’s current cybersecurity strategy back to 2012 and its
“Opinion of the State Council Concerning Forcefully Moving Informatization Development Forward and Realistically Guaranteeing Information Security” (国务院关于⼤⼒ 推进信息化发 展和切实保障信息安全的若⼲意见) (中华⼈民共和国国务院, 2012).
The strategy defines some objectives such as boos broadband expansion in China, develop Chinese security technology, tighten the control of the internet to “uphold good morals in the Net”, research new generation mobile networks, and expand e-government services in China (Gierow, 2014a)
Cybersecurity in China is a national priority, proof of that is that President Xi Jinping has recently headed the newly formed Central Internet Security and Informatization Leading Group.
Xi Jinping has made cybersecurity a focal point in government work. (Gierow, 2014b).
The key feature of the Chinese cybersecurity policy is to develop a high-powered domestic Information Technology industry in order to protect China form “potential threats from foreign software”(Gierow, 2014a). The problem with China is that it has not pursued a coherent
‧
國
立 政 治 大 學
‧
N a
tio na
l C h engchi U ni ve rs it y
strategy regarding cybersecurity. This is a really interesting fact given the nature of the Government in China that it’s so centralized.
Cybersecurity regulations in China encourage purely the economic use of Information and Communications Technologies characterized by a strict governmental control. This with the objective of balancing economic modernization and the stability through political control.
Notwithstanding, the policies are vague and create uncertainty most of the time. Also the fact that some western services such as Google or facebook in China has been a concern for some foreign firms.
3.3 Summary
In this chapter, the contrasting approaches of both countries on cybersecurity are analyzed. The United States has become the pioneer in adapting and trying to regulate the cyberspace. When tackling the problem, the involvement that the United States has with International Organizations is clearly seen while China seems a bit less worried about this. Even though they have differences, both agree in saying that cybersecurity is one of their national priorities.
Neorealism’s idea of competition would help us explain why even though they have differences, the competition in cyberspace has created a tendency towards the sameness of the competitors. China, even though came relatively late to join the Internet Age, is slowly reaching the level of the United States. The liberal idea that cyberattacks are seen as a sovereignty and security weakener for states would explain why China, in a relatively short period of time, has taken so many efforts in having a more organized rule of law regarding cyberspace, all this with the goal of protecting its sovereignty.
‧
國
立 政 治 大 學