But, as documented in my 2014 book Cyber Policy in China, Xi’s cyber focus had been decades in the making. China has been struggling since 1983 to overcome its technological backwardness for the information economy and, since around 2000, for a potential cyber war.
Xi’s government has taken many measures to turn China into a cyber power. In September 2014, Xi told the country that it needed a new cyber military strategy. In December 2014, the government introduced new regulations for cyber security intended to help promote the rapid growth of China’s domestic cyber-security industry. In May 2015, China issued a new military strategy in which the government declared for the first time in such a document the idea that ‘[o]uter space and cyber space have become new commanding heights in strategic competition among all parties’.
Also in May, the National People’s Congress released a draft bill on National Security, which — according to Xinhua — gives cyber security a special place in its provisions for strengthening government controls over foreign technologies and related investment in China. The bill passed in July 2015, the same month China released a draft law on network security with sweeping new provisions on control of foreign technologies and data management.
Accumulating reports of China’s continuing success in cyber espionage against the United States, such as the recent theft of private data held by the Office of Personnel Management on more than 20 million U.S. citizens, might also be taken as evidence of rapid progress towards Xi’s ambition.
Yet, when the World Economic Forum published its annual Network Readiness Index in April 2015 comparing the cyber capability of 143 countries, China was still sitting in 62nd place, the same spot it occupied the previous year. This was down from 36th place in 2011 and lower than countries like Jordan, Mauritius and Costa Rica. (China’s low position is due, in part, to the per capita comparisons in the index that distort the relative wealth and technological capabilities of countries.)
China has, of course, made great strides, but the United States, Japan, Korea, Singapore and Europe have raced ahead as well. As noted by China 2030, a 2012 joint report by the World Bank and the Chinese government’s Development Research Center, ‘innovation at the technology frontier is quite different in nature from simply catching up technologically’.
From the techno-nationalist frame in which many Chinese view cyber power, as do those in the West suspicious of China, these developments might seem ominous and a possible presage to some sort of confrontation between China and the more powerful West. Chinese leaders have definitely become more fearful of ‘hostile Western influences’ and are very anxious to overcome their technological inferiority through greater indigenisation of cyber-related industries.
But this reading would not represent the totality of the Chinese leadership’s position on the balance to be struck between China’s aspirations for sovereign capabilities and a globalised cyber industrial complex.
On the one hand, even a superficial reading of new Chinese laws and draft bills on cyber policy, reveals unusual attention to the importance of international economic relations. Chinese leaders know that the country’s cyber sector will remain highly dependent on foreign technology transfer and investment from the most advanced countries for many years, probably decades.
On the other hand, in spite of reports of a blacklist of US-based companies that have been named publicly by Edward Snowden as participating in cyber espionage against China, China continues to solicit and accept massive investments from these companies. For example, during a June 2015 visit to China, Cisco’s incoming CEO, Chuck Robbins, announced that the company would invest US$10 billion in China — a move that was widely seen as an effort to rebuild trust with the country.
In 2015 China also signed up (unofficially) to expansive new norms (or normative principles) elaborated by the UN Group of Governmental Experts on cooperative relations in cyber space. The political weight of China’s support for these prinicples is reflected in a formal agreement with Russia, in which the two countries agree not to undertake actions like ‘unlawful use or unsanctioned interference in the information resources of the other side, particularly through computer attack’.
China’s formal position is that national security in cyber space can only be achieved through international collaboration, not just with the 60 or so like-minded countries — such as Russia — that support Chinese positions in international forums, but also with the technology-leading countries, like the United States and Japan, and their partners in Europe.
Greg Austin is a professorial fellow at the EastWest Institute in New York and a Visiting Professor in the Australian Centre for Cyber Security at the Australian Defence Force Academy.