The report about U.S. National Security Agency engaging in espionage on Chinese telecom company Huawei and Chinese leaders further exacerbates China’s domestic concerns about cyber security and may bring some unexpected changes to Sino-US cooperation on cyber issues.
In the past year, Chinese media has been focusing on cyber security incidents. In June 2013, as the Prism project revealed, US intelligence monitored Chinese academic institutions and individuals, which soon became an open class for Chinese public about cyber espionage. In August 2013, some hackers leaked over 20 million private records to the internet, which came from several hotel chains, including customer’s name, ID number, date of checking and room numbers. Also in the second half of 2013, Chinese media reported the super online banking system (widely used online payment software) had an authorization loophole by which criminals can easily steal money through. According to the released recently 2013 Internet Security Report made by the National Internet Emergency Center (CNCERT), the agency found 7,854 types of cyber security vulnerabilities, including 2,607 high-risk ones, both of which increased 15.1% and 6.8% respectively, compared to 2012. Malicious mobile apps increased significantly. CNCERT captured 703,000 samples, an increase of 3.3 times compared to 2012. It showed that Chinese Internet security situation was deteriorating.
Combining the growing concerns, the awareness about cyber security is also changing in China, which is clear in the more serious incidents of 2014. On January 21, 2014, China had a largest-ever internet interruption. Domestic users in China could not normally access the website end domains as .com or .net for several hours. Many people suspected that the incident was caused by a foreign cyber attack on the DNS servers. As none of 13 global DNS root servers are located in China, this incident also reflected that China’s cyber security was still controlled by others. In April, two other incidents also caused widespread concern. On April 8, Microsoft officially stopped the security supporting of Windows XP, which would affect hundreds of millions of Chinese users. For many Chinese users, they find it difficult to adapt to another operating system rather than Windows XP. On April 9, a major security flaw called Heartbleed caused no small panic in China. In the past, Chinese media showed less attention to such cyber vulnerabilities overseas, but this time, Chinese media used “earthquake” and “nuclear attacks” to describe the event. Their views are broadly similar to their foreign peers.
Not only the public, Chinese decision-makers have been treating it more seriously. Cyber security has become an important part of national security, same as the economic security and military security. In February 2014, president Xi addressed that with “no cyber security, there is no national security and modernization.” In April, Xi highlighted that cyber security was a national security at the first meeting of the central cyber security and information leading group. Also in April, Xi took it as one of the 11 most important security areas of China in the first meeting of the National Security Commission.
Along with these changes, Chinese government has been introducing several policies and mechanisms on cyber security this year and ahead. In February, the central cyber security and information-leading group was formally established with President Xi Jinping as the director, and Li Keqiang and Liu Yunshan as deputy directors. This became the highest standard cyber security management mechanism in Chinese history. It is reported that China’s first national security strategy document had been in ministerial coordination stage, and expected to be announced in the first half of this year. The report also suggested that the strategy would focus on building China’s independent cyber security infrastructure, technology and software systems. The local governments also increase its attention. The Beijing government established the first capital cyber security day in April 29 to educate the public.
These new changes affect not only the Chinese domestic views and response to cyber security, but also bring some new opportunities and challenges in Sino-US cooperation.
On the positive side, China has more clear understanding and awareness about the dangers of cyber attacks. The perception gap between China and the U.S. in this issue is being reduced, which will help both sides to establish a common view about the threat of cyber incidents in their dialogue. Secondly, China’s attitudes toward international cooperation have become more proactive, as China had claimed to enhance China-EU cyber cooperation in April. It is foreseeable that China will also strengthen its cooperation platforms with US, Korea and BRIC countries. In the 2014 Boao Forum for Asia, China opened a special forum on the theme of the “code of conduct in cyberspace and international cooperation”, which showed China has become more positive on this issue.
On the negative side, some cyber incidents like the PRISM and other foreign cyber attacks hurt the strategic mutual trust between China and US, which will affect the atmosphere of dialogue and will make it more difficult to resolve differences. First, the PRISM confirms China’s persistent worry that the US is using their hegemony and technological advantages on the Internet to enrich its national interests. Since President Obama is reluctant to change its cyber surveillance project, China has to prepare some appropriate defensive measures. Secondly, China has become increasingly dissatisfied with the fact that others control the core Internet technology, as shown in several external security risks. This may make China develop more independent and a different Internet system, which may cause new conflictions between the two countries. Finally, after US decides to increase its cyber soldiers to 6,000 units over the next three years, China’s concern about cyber warfare is also getting serious, which may trigger an unwelcome cyber arms race between the two countries.
Li Zheng is an Assistant Researcher at the Institute of American Studies of China Institutes of Contemporary International Relations.