The information revolution has been a mixed blessing for China and the world. On one hand, computer networks enhance economic productivity, national security, and social interaction. On the other, valuable information infrastructure provides lucrative targets for thieves, spies, and soldiers. Nearly every type of government agency, commercial firm, and social organization benefits from information technology, but they can also be harmed through cyberspace. Not a week goes by where a major hack is not reported in the media or countries chastise each other for cyberespionage.
In the absence of shared norms or even concepts, cybersecurity discourse becomes mired in competing morality tales. Chinese hackers are pillaging intellectual property and creating asymmetric threats. The National Security Agency (NSA) is jeopardizing civil liberties and weakening the Internet. Communist censorship is undermining the democratic promise of information technology, even as American firms unfairly dominate its development. Cybercrime is costing everyone trillions of dollars.
There is a grain of truth in all of these claims, which means that the phenomenon as a whole must be more complicated than any one suggests. China both generates and experiences serious cyber threats, shaped by a combination of bureaucratic politics and economic policy, domestic security imperatives, military modernization, and ambitions for international influence. Nevertheless, the United States and China both have far more to gain than lose through their digital interdependence.
Competing Threat Narratives
The United States and China regularly accuse each other of abuse. Disputes over espionage and internet governance are creating tensions that need active management to limit their effects on diplomatic relations.
Cybersecurity pessimists increasingly dominate American thinking on this subject. President Barack Obama wrote that “the cyber threat to our nation is one of the most serious economic and national security challenges we face.” This growing worry about the vulnerability of cyberspace to espionage or disruption is motivated to no small extent by concerns about China’s economic and military development. As FBI Director James B. Comey noted , “For too long, the Chinese government has blatantly sought to use cyber espionage to obtain economic advantage for its state-owned industries.”
The concern extends to America’s closest allies. The director-general of MI5 sent a confidential letter to three hundred corporate executives expressing “concerns about the possible damage to U.K. business resulting from electronic attack sponsored by Chinese state organizations, and the fact that the attacks are designed to defeat best-practice IT security systems.”Australia barred Chinese telecommunications giant Huawei from bidding on its national broadband network out of concerns that covert, “back doors” might be installed.
Yet, Western accounts of this threat tell only one side of the story. Chinese leaders are also quite concerned about cyber insecurity. President Xi Jinping stresses “the importance and urgency of internet security and informatization” and describes the dual goals of security and development as “two wings of a bird and two wheels of an engine. . . . No internet safety means no national security. No informatization means no modernization.” Xi’s predecessor, Hu Jintao, likewise observed , “We should attach great importance to maritime, space, and cyberspace security.”
Chinese authors frequently note that China is also a victim of foreign cyberattacks, predominantly from the United States, citing staggering statistics of tens or hundreds of thousands of attacks and compromised machines per month. The director of China’s National Computer Network Emergency Response Technical Team and Coordination Center (CNCERT/CC) asserted, “We have mountains of data, if we wanted to accuse the U.S., but it’s not helpful in solving the problem.” Another researcher at the China Foreign Affairs University broadened this view: “For months, Washington has been accusing China of cyber espionage, but it turns out that the biggest threat to the pursuit of individual freedom and privacy in the U.S. is the unbridled power of the government.”
American attempts to articulate the difference between the political-military targets of U.S. cyber espionage and the economic targets of Chinese espionage, or between Internet control as practiced by China and metadata collection as practiced by the NSA, have tended to fall on deaf ears.
China’s Troubled Cybersecurity Apparatus
China’s domestic political economy differs considerably from that of Western countries, with important implications for cybersecurity. Although China is an authoritarian party state, administrative governance is bureaucratically fragmented and hyper-competitive by nature.
Cybersecurity coordination across military, law enforcement, diplomats, and industrial regulators is challenging under the best conditions, but it is particularly difficult in the top-down yet compartmentalized Chinese system. The pervasive role of the state leaves little room for the advocacy or protection of civil society or corporate interests.
One particularly distinguishing characteristic of the Chinese concept of information security ( xinxi anquan ) is that it emphasizes Internet content as much as, if not more than, technical network security ( wangluo anquan ). In the United States, by contrast, malware and hackers rather than data and ideas are perceived as the principal dangers in cyberspace.