China Power

Understanding China’s Cyber Policy

Recent Features

China Power

Understanding China’s Cyber Policy

With both cyber and technology, outsiders tend to overstate how driven by the center China really is.

Joseph Nye has an interesting article in the Winter 2011 issue of Strategic Studies Quarterly that applies some of the lessons of the nuclear age to cybersecurity. It’s well worth the read, and I thought I might try the same, using what we know about the study of Chinese technology policy to shed some light on China and cyber.

Linking cyber and technology policy is a form of techno nationalism that’s widely and deeply held by Chinese policymakers. The objectives are clear: China doesn’t want to depend on other countries for critical technologies, the United States and Japan in particular. The 2006 Medium to Long Term Plan on Science and Technology (MLP) puts it plainly: “Facts have proved that, in areas critical to the national economy and security, core technologies cannot be purchased.” The Chinese tend to see the current system as, if not unfair, then stacked against them, and so commentaries often focus on competitors’ unfair advantages (U.S. firms dominate hardware and software sectors, 10 of the 13 root servers in U.S.) and China’s victimization (China is the biggest victim of cybercrime).

With both cyber and technology, outside observers have a tendency to overstate how driven by the center China really is. Yes, the MLP sets the goal of China becoming an “innovative nation” by 2020 and a “global scientific power” by 2050. Not surprising given Chinese history and national security concerns. But the document is of two minds about how to move up the value chain, including both a top-down, big-science and technology policy, as well as a bottom-up, entrepreneurial innovation strategy. In cyber, we tend to see China pursuing a coherent cyber strategy that involves pushing an Information Security Code of Conduct at the United Nations, the use of patriotic hackers, information war, and tight Internet control. Chinese analysts see the opposite, complaining that the U.S. – with the standing up of Cyber Command and promotion of the Internet Freedom agenda – has put China on the defensive and that Beijing is falling behind in cyberspace.

There’s also a question of how strategically China can implement. The world of technology policy is one of sectoral and regional differentiation, with industries and provinces interpreting national regulations to serve their own interests. Ministries, universities, and government research institutes behave similarly, and Chinese firms often identify more with their Western competitors than with their local bureaucratic partners. It’s hard to imagine that the Ministry of Public Security, Ministry of State Security, PLA, and Ministry of Industry and Information Technology play any nicer together in the sand box of cyber policy.

The prolific rate of cyber espionage – what Cyber Command head General Alexander called “the greatest transfer of wealth in history” – raises questions of China’s absorptive capacity. With technology imports, Chinese firms historically spent much less than Japanese and Korean companies did for diffusion and absorption. What is China doing with all of the IPR it’s allegedly stealing, and shouldn’t we start to see it paying off in more competitive Chinese firms? Not much public evidence exists that it’s helping Chinese companies move up the value chain (most evidence in the public domain is old-fashioned theft, see DuPont, Motorola, and American Semiconductor).

Finally, technology policy may tell us something about what might work for cyber, although progress, especially in protecting intellectual property rights, has been glacially slow and uneven. The issue must be raised at the highest level, including by the President and Vice President, something that it’s not clear has happened yet. Multilateral pressure should also be applied. China backed down from the compulsory introduction of WAPI, an alternative to WiFi, after the U.S. government, supported by Japan and the EU, threatened to take a case to the WTO.

Given the current state of the U.S.-China relationship in cyber, glacially slow and uneven might be an improvement.

Adam Segal is the Ira A. Lipman Senior Fellow for Counterterrorism and National Security Studies at the Council on Foreign Relations. He blogs at Asia Unbound, where this piece originally appeared. Follow him on Twitter @adschina.