Since the end of 2012, the U.S. has been toning up its criticism of China’s alleged cyber-espionage, making cybersecurity a hot-spot issue in the bilateral relationship in the political leaders’ meetings and diplomatic talks, as well as a contentious topic in academic debates. The authors believe that besides differences in cyber capabilities, interests, and conception, other factors account for Sino-US cyber controversy.
First of all, the Obama administration’s cyber strategy has been frequently questioned and challenged by the Congress, enterprises, and NGOs. Therefore, the administration sees a benefit in framing China as a cyber adversary and exaggerating the potential threats and damages China could inflict on U.S. cyber security because such hyperbole helps alleviate domestic problems and promote the administration’s cyber strategy. Obama administration’s Cyberspace Policy Review and International Strategy for Cyberspace have articulated its intention of seeking and securing U.S. primacy in cyberspace by building up cyber power. American cyber resources are largely distributed among IT companies like Microsoft Corporation, Google, and six other giants (in China they are called the Eight King Kongs), as well as NGOs like ICANN (The Internet Corporation for Assigned Names and Numbers), IETF (The Internet Engineering Task Force), and civil society. The government attempted to integrate the scattered cyber resources of non-state actors through legislation and a Public-Private Cooperation, but met with vehement opposition from IT companies and NGOs. The Cyber Intelligence Sharing and Protection Act (CISPA), the Stop Online Piracy Act (SOPA), and the Protect IP Act (PIPA) pushed by the Obama administration also faced strong opposition from IT companies like Google, Yahoo, Amazon, and NGOs like Human Rights Watch, the American Civil Liberties Union, which had formed a united resistance front.
These impediments further motivated the administration to exaggerate the Chinese threats to cybersecurity. Mandiant, a cybersecurity company closely related to the U.S. military, released a report titled APT1: Exposing One of China’s Cyber Espionage Units in February 2013, directly blaming the Chinese government for sponsoring cyber espionage. The White House and Congress, followed by mainstream media, exploited the report to criticize China. A close alliance seemed to have been forged until the emergence of the whistleblower Edward Snowden. The administration’s active posture made enterprises and NGOs follow suit, enhancing the government’s leading role in cyber issues and its efforts in advancing the administration’s cyberspace strategy.
Secondly, because of the strategic importance, sensitivity, malleability, and ambiguity of cyber issues, anything about cyberspace is more likely to be incorporated into U.S. politics and foreign policy agenda after media hype. Cyberspace is strategically important because it has become an indispensable platform for a well functioning American society and a sustainable global village. The viability of financial, energy, electricity, and transportation infrastructure all depend on cybersecurity, so cybersecurity is a part of U.S. national security. Cyberspace is sensitive because it is the storage place of huge amounts of political, economic, cultural, military resources, and other sensitive information. The exploitation, regulation, and management of resources, the protection and surveillance of information are as equally concerning as other sensitive issues in American domestic politics like as IPR protection, counterterrorism, human rights, and many others. Though an indispensable platform for people’s daily life, cyberspace is malleable because people’s knowledge of how it works and its impact on life is still limited, preliminary, and susceptible to external factors. Ambiguity refers to the lack of effective governance mechanisms in cyberspace. Anonymous and transnational cyber attacks, crimes, and espionage are difficult to identify and trace their origins, and more difficult to find convicting evidence against the perpetrator, or for the accused to find compelling evidence to clear his name.
Though Americans, especially the media, are concerned about cybersecurity, they lack the specialized knowledge and psychological preparations that are needed for objective and impartial analysis. And when the damage is done, the American public tends to overreact, scrambling to find a punching bag. The media likes to use sensational headlines when reporting cyber attacks, and meanwhile government officials and lawmakers tend to magnify, reinforcing the public’s panic. For example, a groundless report released by the Commission on the Theft of American Intellectual Property claimed that the annual economic losses resulted from intellectual property theft—about 300 billion US dollars—nearly equals the value of American exports to Asia. Though the figure was doubtful, the widespread report had aroused broad and serious concerns. Framing China into a cyber power involved in cyber espionage and censorship, conforms to the mentality of targeting others’ as a punching bag.
Thirdly, the difference in policy-making process between China and the U.S. leads to ineffectual communication, distrust, and the failure in managing cyber issues. Cybersecurity is a strategic issue in the U.S., but a policy one in China. As the birthplace of the Internet, the U.S. is also the world’s most developed country in terms of cyber economy, politics, and culture. The role of cyberspace has never been undervalued by successive administrations, and has been all the more important since Barack Obama moved into the White House with the help of online social media. After taking office, the Obama administration highlighted the cyberspace’s strategic importance by releasing two monumental reports, Cyberspace Policy Review into the White House with tlient Information and Communication Infrastructure and International Strategy for Cyberspace, and establishing the White House Cybersecurity Office and the State Department Office of the Coordinator for Cyber Issues. Moreover, the U.S. established a Cyber Command to build up its cyber combat capabilities, and attached equal importance to the international order in cyberspace and the post-WWII global framework of economic and military security, seeking absolute U.S. supremacy in cyberspace. Besides these institutional reforms, at the execution level, President Obama has chaired and coordinated his cybersecurity team which includes heads of the State Department, Defense Department, Homeland Security, CIA, and the National Security Agency. By comparison in China, despite a booming Internet economy and a number of world-class IT companies, cybersecurity has not received adequate attention it deserves until recently. A working group headed by President Xi Jinping established on February 27th represents the Chinese government’s strategic goal of building a cyber power and heralds China’s cybersecurity strategy and cyberspace international strategy.
Right now, China’s cyberspace strategy is still in the making. On the one hand, the strategic positioning of cyberspace in the national strategy is still to be determined, and the regulatory and management authority over cyber issues reside with different government departments and commissions. For example, the Ministry of Industry and Information Technology is charged with Internet technology, infrastructure construction, and emergency response; the State Council Information Office is tasked with Internet content management, with its affiliated Internet Information Office undertaking nationwide informatization construction; the Ministry of Public Security is charged with ensuring cybersecurity and cracking down on cyber crimes; and the Ministry of National Defense is in charge of defending against cyber military attacks. On the other hand, departmental coordination is inadequate in the absence of a higher presiding body, making it difficult for China and the U.S. to conduct productive strategic dialogue on cyber issues. Before 2013 there was no bilateral dialogue mechanism on cyber issues between the two sides except for the U.S.-China Internet Industry Forum sponsored by the Internet Society of China and Microsoft Corporation, and the Track Two Dialogue between the China Institutes of Contemporary International Relations and the Center for Strategic and International Studies, attended by Chinese and American officials in charge of cyber affairs. Despite these interactions, ineffective communication and distrust is still a prominent problem leading to U.S. unilateral actions to pressure China, exacerbating differences and disagreements between the two. It was not until the Fifth Strategic and Economic Dialogue between China and the U.S. in 2013 that a dialogue mechanism on cyber issues was instituted and the first meeting of a cyber working group was held for the two sides to exchange views on institution-building, cyber diplomacy, and cyber international norms and rules. At the technical level, the two sides agreed to enhance cooperation on Internet emergency response; at the level of law enforcement, the two pledged to increase cooperation on crackdown on cyber attacks. As a result of the Dialogue, disputes on cyber issues between the two have been noticeably eased.
Finally, at the international level, Sino-U.S. disagreements on cyber issues are intertwined with the rule-making process in cyberspace. Standing in two opposite camps of policy ideology, the U.S. represents advanced IT countries while China speaks for emerging IT countries. Since 2011, a rivalry has been going on in which the two advocated different ideas, platforms, and approaches on cyberspace governance. Divergence in views and positions on cyberspace rule making does not necessarily lead to bilateral conflict, but the uncertainty of cyber issues as a part of the international agenda reinforces mutual distrust. There is no uniform perception of cyber power and resources because of the virtuality and evolution of the cyberspace. And when it comes to cyber governance, the first thing that various actors tend to do is constrain others while strengthen themselves. U.S. efforts in setting the international agenda stay focused on cyber liberties, security, and arms control, denying the United Nations the leadership role in cyberspace governance, demonstrating the posture of assuming U.S. supremacy in cyberspace. In comparison, China’s efforts prioritize cyber development, economy, and capacity building, as well as underscoring cyber sovereignty and the state’s predominant role in cyber governance. All this contributes to the gridlock in cyberspace rule making and both sides are involved in the blame game.
For all the disputes, China and America, as two cyber powers, still have convergent interests in such issues as ensuring cybersecurity, developing cyber economy, promoting informatization. The establishment of the cybersecurity and informatization working group will enhance cyber issues’ strategic role in China’s national strategy, increase Sino-U.S. dialogues on cyberspace, and translate outcomes of dialogues into relevant policies. On March 14th, the National Telecommunications & Information Administration under U.S. Department of Commerce said it planned to relinquish its role in managing the Internet’s address system and turn it over to global multi-stakeholders. This move will exert positive impact on cyber governance and lay the groundwork for easing the rivalry between China and America on cyber rule making and for enhancing mutual trust.
Shao Yuqun, Executive Director of the Center for American Studies, SIIS.
Lu Chuanying is a Research Fellow of the Center for American Studies, SIIS and Shao Yuqun is the Executive Director of the Center for American Studies, SIIS.