Commentary | March 18, 2014

China's Cybersecurity Push and the Need for Sino-U.S. Cooperation

Writing for China-U.S. Focus, Franz-Stefan Gady says that China is "emphatically reconfirming" the importance of cybersecurity, citing the creation of a new body to oversee internet activities and information. The U.S. and China must work together more closely to combat cyber crime and develop a mutually beneficial relationship. 

Last week the Chinese state-run Xinhua News Agency announced that Chinese President Xi Jinping is personally presiding over a newly founded government body entitled the Central Internet Security and Informatization Leading Group. A similar and less senior group, in the past headed by the Chinese Premier, has been in existence since 1993. The purpose of the new group is to “lead and coordinate Internet security and informatization work among different sectors, as well as draft national strategies, development plans and major policies in this field.” 

The exact mechanism, mission and scope of this new body are unclear. However, the two deputy heads of the group, Li Keqiang and Liu Yunshan, the former the leading figure behind China’s economic policy, the latter the director of the Propaganda Department of the Communist Party of China Central Committee, suggest that a principal emphasize will be placed on streamlining content control (e.g., internet censorship) and to ramp-up cyber security in the ever modernizing Chinese private sector. 

This new body reconfirms emphatically the strategic importance of cybersecurity to the Chinese leadership. Diplomats and foreign policy makers in both the United States and China can no longer deny that this issue will be of the utmost importance in the years ahead (Coincidentally, in the U.S. State Department, a new function has been added to the post of Under Secretary of State for Economic Growth, Energy, and the Environment, Catherine A. Novelli, as the Department’s Senior Coordinator for International Information Technology Diplomacy). It also confirms that even in the high echelons of power, leaders agree that cybersecurity can no longer be viewed in isolation, merely confined to the technical level and technical experts.  Cybersecurity permeates all spheres of the China-U.S. relationship in one way or the other, whether it is the relationship with Taiwan, human rights, trade negotiations, or military to military dialogues. 

With regard to the China-U.S. relationship in cyberspace in particular, impaired by the NSA scandal and accusations of Chinese industrial espionage, this new body should be seen as an incentive to more than ever push China-U.S. cooperation on a selective number of cybersecurity issues such as the protection of mutually beneficial critical information infrastructure from cyber attacks and better ways to cooperate on jointly combatting cyber crime. 

Ostensibly, this may seem difficult. The report of the U.S.-China Economic and Secuirty Review Commission bluntly stated that China has not cut down on its industrial espionage activities in the United States. Conversely, China has not stopped pointing out the alleged double standard of the United States on this subject, perennially citing the Snowden revelations as a backup. During the China-US Summit in June 2013 in California, Xi Jinping insisted that China was also a victim of “cyber theft.” President Obama characterized the discussions on cybersecurity “very blunt.” Even progress of the official China-US Working Group on cybersecurity, hailed as a step in the right direction, has also been very slow. 

Yet, given the volatile nature of the current world economy and the importance of both the United States and China within it, ways have to be found where both countries can cooperate on certain mutually beneficial issues, while circumventing their disagreements in other domains. For example, my colleague Dr. Greg Austin, in a keynote delivered at the 2014 Canada-US Cybersecurity Conference: Securing Our Financial Infrastructure proposes that China and the United States cooperate on the international protection for exchanges and clearing houses in cyberspace. 

Austin argues, “states should commit by treaty to the absolute protection in cyberspace of designated exchanges and clearing houses in the same way as they now commit to the absolute protection of diplomats as internationally protected persons and embassies as internationally protected premises.” For example, a China-U.S. working group could look at the 1997 Convention on Crimes against Internationally protected persons and use it as a framework for a “Convention on Internationally Protected Facilities.” Of course, this will be a tricky thing to sell to the private sector. Government intervention especially in the financial sector is a touchy political subject. Yet the risks in cyberspace are ever increasing and time for voluntary best practices may have run out. 

With regard to the United State and China jointly working on such a sensitive issue there is surprisingly a precedent from 2010. Back then, the United States and China were among some 24 countries to sign the 2010 Beijing Convention and 2010 Beijing Protocol, multilateral agreements which require states, inter alia, to criminalize cyber attacks (though the convention used a more general term of “new technologies”), and certain preparatory activities, that target civil air navigation facilities and aircraft in flight, as Austin outlined in his addressed. 

Perhaps then, the new emphasis by the Chinese political elite on cybersecurity, as exemplified by the new Central Internet Security and Informatization Leading Group, should be used by the United States to explore this option. 

Read the full piece on China-U.S. Focus