Since China joined the internet in 1994, China-U.S. cyber relations have gone through three stages - asymmetrical balance, bitter confrontation, and mutually distrustful competition and cooperation – and have entered a fourth.
The first stage of relations was from 1994 to Google’s withdrawal from mainland China in January 2010. This stage saw a relatively amicable balance, despite the asymmetry between the two countries’ cyber capabilities. Many U.S. companies, like Microsoft, Cisco, Google, and Oracle, set up their branches in China, while China generally accepted online frameworks, protocols, and technologies. However, clashes between the two countries from incidents like the U.S. bombing of the Chinese embassy in Belgrade, U.S. arms sales to Taiwan, and the jet collision provoked trials of strength between Chinese and American hackers.
The second stage was from 2010 to Edward Snowden’s exposure of the U.S. PRISM project in June 2013. This stage was marked by U.S. offense and Chinese defense. The U.S. side criticized China’s cyber censorship and launched a campaign against the so-called “China cyber threat”. The differences between the two countries’ approaches to the internet sharpened. The U.S. supports internet freedom, while China emphasizes cyber sovereignty; the U.S. emphasizes the participation of enterprises in cyber governance, while China emphasizes cooperation between governments, with any participation from enterprises happening through governments. In addition, accusations of “cyber espionage” poured on China. One report from cybersecurity firm Mandiant was titled “Exposing One of China’s Cyber Espionage Units.”
The third stage was from June 2013 to the WannaCry ransomware attacks of May 2017. This stage was marked by mutual suspicion, competition, and cooperation. With Edward Snowden’s leakage of U.S. intelligence agencies’ extensive surveillance operations over the rest of the world, including its allies, the U.S. has lost the moral high ground. Now, China-U.S. dialogue on cyber issues can proceed on an equal footing. In June 2013, when President Xi Jinping met with President Barack Obama at the Annenberg Estate, they reached a consensus on cooperating with each other to solve cyber issues. Then, the China-U.S. cyber working group held the first meeting in July under the framework of the Strategic Security Dialogue. In May 2014, the U.S. Department of Justice charged five Chinese PLA officers for hacking into private American companies. Consequently, the working group was suspended. In 2015, about 80 million Americans’ health care records and 22 million federal workers’ personal data were allegedly stolen by Chinese hackers. Unlike many others, the Obama administration did not directly point its finger at China. In September 2015, President Xi visited the U.S. and gave top priority to cyber issues, in what was regarded as the first summit meeting on cyber security. Since then, China and the U.S. have held three high-level dialogues on cybercrime and one meeting of the senior experts group on international norms in cyberspace, opened a hotline, conducted simulation exercises, and held exchanges on individual cases. In April 4, when President Xi met with President Donald Trump at Mar-a-Lago, he reiterated that it was in the interests of both countries to maintain cyber security, and that both sides should make good use of these mechanisms.
One month later, the WannaCry ransomware attacks infected more than 230,000 computers in over 150 countries, marking a new stage for China-U.S. cyber relationship. As Major General (ret.) Hao Yeli summarized at the Guanchao Cyberspace Forum on September 12, nowadays there are four major security threats in cyberspace: cyber terrorism, cyber crimes, misinformation, and a cyber arms race. The emergence of new threats calls for deeper China-U.S. cyber cooperation.
To counter cyber terrorism, China and the U.S. might continue their work on handling the illegal use of communication technologies to assist violent terrorist activities, and join hands to break the global links for terrorism propaganda, recruitment, and fund-raising. On combating cyber crimes, the two sides might continue to share information, and join hands to fight against money laundering, drug deals, smuggling, piracy, human trafficking, children pornography, and other unlawful activities in cyberspace. On controlling misinformation, China might share its experience in censorship, consult with the U.S. on the governance of online content and monitoring of hate speech and false information, and join hands to disseminate positive energy and to build a civilized cyberspace. On preventing a cyber arms race, the U.S. might reflect on its rapid buildup of cyber warfare forces and improvement of cyber operational doctrines, and should be held responsible for the leakage of cyber weapons.
Undoubtedly, there are still many differences between the two countries on cyber issues. Nevertheless, they have far more common interests, and cooperation is an irresistible trend. As China’s document, “International Strategy of Cooperation on Cyberspace,” points out, in cyberspace, countries are bound together by shared interests. It is in both countries’ shared interests to safeguard peace and security and foster a shared cyber community. Hopefully, the fourth stage of the China-U.S. cyber relationship will be marked by enhanced cooperation and coordinated governance.