Language : English 简体 繁體
Security

How to Rebuild Cybertrust

Jul 21, 2021
  • Lu Chuanying

    Fellow and Secretary-general of the Research Center for the International Governance of Cyberspace, SIIS

[CropImg]150827110917-cybersecurity-china-us-tease-super-tease.jpg

Since taking office, U.S. President Joe Biden has viewed China as a significant challenge in cyberspace and taken some harsh actions. Concerns have arisen around the world about whether this confrontation between China and the United States will escalate further.

In China-U.S. relations, cybersecurity involves both confrontation and cooperation. Confrontation is an inherently technical aspect of cybersecurity. With the birth of advanced digital technologies, cybersecurity confrontation immediately followed, imprinted on technology’s genes and seen more keenly now than ever before.

By contrast, cooperation is not an inherent attribute of cybersecurity. It gradually takes shape as more efforts are devoted to the development of systems and mechanisms.

The six consensuses on cybertheft reached by China and the U.S. in 2015 have played a key role in stabilizing their relations in cyberspace and preventing confrontation. Although these consensuses still play a vital role, a lack of follow-up development means that little progress has been made in cybersecurity cooperation. Instead, confrontation has intensified.

Many factors influence interactions between China and the U.S. in cybersecurity, but a lack of trust is the major issue. Trust is the basis of any cooperation, and without it, concrete initiatives are incredibly difficult to implement. Even if a consensus is reached, it can easily be undone.

Of course, building trust on cybersecurity is difficult because of certain dependencies. In international security, there is often an emphasis on “trust but verify,” in line with the belief that trust must rest on verifiable foundations. In cyberspace, technologies and their scale — unlike nuclear weapons — cannot be accurately measured, meaning that dialogues cannot be held on the basis of measurement. It is difficult to verify cybersecurity with current technologies.

This is, in part, due to the huge number of technologies used to hide identities and behaviors. Moreover, cybersecurity is difficult to accurately evaluate, meaning that understanding the capabilities of a counterpart is complicated. From this point of view, building trust in cybersecurity between China and the U.S. is indeed challenging.

Yet, the lack of trust on technology does not mean it is impossible to rebuild it between China and the U.S. Making carefully considered adjustments at the policy level can send a clear signal. In the field of cybersecurity, each side believes that trust has been broken by the other’s actions, so if the other alters its practices trust can be rebuilt. From China’s perspective, the overt tracing of cyberattacks back to the Chinese government or military — international initiatives that position China as an assumed enemy — and government-wide crackdowns on tech companies, such as Huawei, are seen as seriously undermining the trust that is fundamental to China-U.S. cooperation.

The U.S. government, and even U.S. businesses, frequently accuse the Chinese government of hacking, but rarely produce any evidence, resulting in a huge number of unsupported accusations. U.S. scholars have pointed out that the U.S. traces the origins of cyberattacks, to a large extent, to relieve domestic pressure and deflect conflict.

China has clearly expressed its willingness to enhance cooperation with the U.S. in the field of cybersecurity. If the U.S. discovers any clues related to such attacks, then China and the U.S. can work together to rule out spin and get to the truth.

The Clean Network program initiated by the administration of Donald Trump explicitly imagines China as an enemy and spares no efforts pushing other countries to accept that. This approach has not only failed to solve U.S. cybersecurity issues but has contributed to dividing the international community. Many governments have stated that they have their own definitions regarding clean networks and cybersecurity. These countries have not become more secure as a result of the Clean Network program. Instead, they have paid a huge price for the conflict between the U.S. and China.

There is no reason for the U.S. to suppress Chinese tech companies. The U.S. has repeatedly said that Huawei jeopardizes national security. However, the U.S. has long excluded Huawei from its market. Huawei’s communications equipment and mobile device business in the U.S. is negligible. It is also worth noting that the U.S. move to detain the daughter of Huawei’s founder through Canada has affected the Chinese people’s attitude toward the U.S. and deeply damaged trust between the two countries.

In addition, companies such as Tencent and ByteDance have clearly expressed their willingness to establish independent organizations in the U.S. to fully comply with all necessary regulations, such as data localization requirements and regulations. Under such circumstances, it is unjustified for the U.S. government to continue suppressing Chinese tech companies on grounds of national security.

Of course, the U.S. can raise concerns about trusting China. Mutual trust can be built between the two sides through candid exchanges and constructive interactions, thus reversing the current trend of escalating confrontation in the crucial high-tech realm. 

You might also like
Back to Top