In a 2010 White Paper, China reaffirmed its earlier international commitments to collaborate internationally for cybersecurity. China’s strongest commitments on cybersecurity came in the 2003 UN General Assembly Resolution 57/239 on “Creation of a global culture of cybersecurity” and in the 2003 Geneva Declaration of Principles of the World Summit on the Information Society. There were earlier resolutions beginning in 1999 on the implications for international security and 2001 on combating criminal misuse of information technologies.
Examples of such commitments can also be found in the 2009 ASEAN-China framework agreement on network and information security emergency response and the 2009 agreement within the Shanghai Cooperation Organization on information security. In July 2006, the ASEAN Regional Forum (ARF), which included China, issued a statement that its members should implement cybercrime and cybersecurity laws “in accordance with their national conditions and by referring to relevant international instruments”.
The ARF has also called on its members to collaborate in addressing criminal, including terrorist, misuse of cyber space. China Japan, Korea have agreed a work plan that “includes projects on network and information security policies and mechanisms, joint response to cyber attacks (including hacking and viruses), information exchange on online privacy protection information, and creation of a Working Group to promote this cooperation” The APEC Working Group on Telecommunications agreed an action plan for 2010-2015 that included “fostering a safe and trusted ICT environment”, the security of networked systems, sharing of best practice approaches, joint technical cooperation, and cybersecurity awareness initiatives. The plan commits members to work with industry. In January 2011, the United States and China committed for the first time at head of state level to work together on a bilateral basis on issues of cybersecurity.
China is clearly on an institutional pathway of collaboration for cybersecurity. So what are the challenges? As the CEO of McAfee, Dave DeWalt noted in January 2010, some 20 countries seemed to be involved in a cyber arms race. He cited a survey commissioned by McAfee of around 600 IT executives worldwide which showed that 60 per cent believed that most attacks were government-initiated, with roughly equal numbers (36 and 33 per cent) seeing the United States and China as the main villains. But as the McAfee poll result suggests, the biggest challenges may not be just inside China itself. We are all familiar with the political and social situation in China. That presents a large enough set of problems for international collaboration from the perspective of countries like the United States.
This was made plain by the United States Secretary of State, Hillary Clinton, on 15 February this year in a famous speech on internet freedom. At the same time, the United States for its part may have not laid a very positive foundation for better international collaboration. As observed in a famous 1996 article in Foreign Affairs by Professor Joe Nye and Admiral William Owens, “The information technologies driving America's emerging military capabilities may change classic deterrence theory.” The United States went on to develop information dominance of the battlefield as a fundamental part of its military strategy. It was quite within its rights to do so. But events since 1996 have shown how profoundly this change of strategy did shift the calculus of deterrence between China and the United States.
The question to pose is how much does the American cyberwar doctrine, essentially a pre-emptive doctrine of “strategic strike in milliseconds”, contribute to China’s current patterns of cyber espionage and cyber operations internationally. If pre-emptive war is not credited much legitimacy in the world at large, then perhaps it is time to understand how a United States doctrine of pre-emptive cyber war may be driving Chinese responses -- and vice versa.