On Monday, the military chiefs from China and the U.S., Gen. Fang Fenghui and Gen. Martin Dempsey, gave a joint press conference after holding meetings throughout the day. As expected, cybersecurity was a major topic of discussion in these meetings, as the Obama administration is ramping up pressure on China to curb its alleged cyber attacks on U.S. companies.
In a Wall Street Journal report that (not coincidentally) appeared on the same day of Fang and Dempsey’s meetings, numerous unnamed U.S. officials were quoted as saying that there has been a sharp increase in the number of American corporations who have approached the administration in recent months, to ask them to do more to curb China’s cyber attacks.
In response the administration held a meeting with Chinese officials in January where a U.S. intelligence official gave a two hour long presentation laying out the evidence of Chinese military involvement in these attacks. At the same time, since then the administration has continued to try to increase engagement with China on this issue, including during Secretary of State John Kerry’s trip to the country earlier this month, when the two sides agreed to begin holding a dialogue on cybersecurity.
Gen. Fang’s remarks at the press conference yesterday have been widely depicted by international media report as another sign that China will work with the U.S. on cybersecurity. According to Bloomberg News, Fang said at the press conference:“If Internet security cannot be controlled, it’s not an exaggeration to say the effects could be no less than a nuclear bomb.”
This may not be as placating as it sounds, however, or at the very least was not taken to be the Pentagon, who summarized Fang’s remarks on its site as having said “if Internet is not managed well,” without attributing that direct quote to Fang.
The fact that the story on the Pentagon’s website used the words “not managed well” seems significant. After all, China and other countries often use words like “management” and “supervision” of the internet to describe actions that Western governments would call censorship.
Indeed, Fang and Dempsey’s meeting takes place in the context of a larger battle for control over the internet that is being waged by a bloc of countries led by Russia and China, which believe that national and international organizations should have greater control over cyberspace, and the mostly Western states who argue that non-governmental organizations and the private sector should continue to regulate the internet.
This battle was on full display at a December UN conference in Dubai that was held to update the treaty that created the International Telecommunications Union (ITU), a UN Agency, when it was first signed in the late 1980’s. What should have been a relatively uncontroversial matter became quite heated when countries led by Russia, China, and Iran proposed language that would expand the ITU’s mission to include cyberspace. Western nations balked at this proposal arguing these new provisions would give the ITU—and by extension, national governments— greater authority to regulate and censor the internet. No common ground could be found between the two camps during the two week conference, prompting the Western nations to storm out in the final days.
In this context, one interpretation of Gen. Fang’s remarks is that China is responding to U.S. concerns over the cyber attacks by saying that it absolutely agrees that cyber activities pose a huge threat (comparable to nuclear weapons), and that the proper response to counter this threat is to give governments’ greater control over the internet.
Other comments Fang made at the press conference seem to support this interpretation. For example, Fang reportedly said, “The Internet is open to everyone and attacks can be launched from anywhere.” More government control over cyberspace could allow them to prevent the Internet from being open to everybody across all borders.
Fang also reportedly spoke at length about the difficulty of attribution when it comes to cyber attacks, something China has been emphasizing since the allegations of its cyber attacks on American companies began. On the one hand, this is done to dispute that the U.S. intelligence actually proves the PLA is directly responsible for the attacks. On the other hand, some of the ways countries might strengthen their capabilities for pinpointing cyber attacks could include forcing users to provide their real identities when purchasing internet service or registering with social media sites, both of which China is doing.
This interpertation also just makes sense from a policy standpoint. China to respond in this way to U.S. allegations that it conducts cyber attacks on American companies. On the one hand, China would be able to present itself as quite willing to cooperate with the U.S. on cybersecurity. On the other hand, its approach to addressing the issue is one America is almost certain to reject. Thus, the status-quo persists but it is America, not China, that is seen as unwilling to play ball in the cyber world.