• No results found

China s Cybersecurity Challenges and

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "China s Cybersecurity Challenges and"

Copied!
6
0
0

Loading.... (view fulltext now)

Download now ( 6 Page )

Full text

(1)

Foreign Policy

Gao Fei

For the People’s Republic of China’s first thirty years of history (1949-1978), Chinese foreign security policy focused mainly on protecting its sovereignty and prevent-ing invasion. Since then, China has shifted its focus to economic development. While the rise of the information age and the modern technological revolution facilitated the country’s transition, these shifts have also engendered new challenges. Cybersecurity is one such challenge, and has emerged as a major Chinese national security issue.

China is Increasingly Dependent on the

Internet

Internet penetration and use are growing rapidly in China. As of December 2010, China had 457 million Internet users, an increase of 73.3 million from the previous year. Overall Internet penetration has climbed to 34.3 per-cent of the population, an increase of 5.4 perper-cent compared to the end of 2009. Broadband use is also growing quickly. By December 2010, China had 450 million broadband users (including DSL, cable, optical access, power line com-munication, Ethernet, and mobile broadband users), and 98.3 percent of the Chinese population used a broadband connection to access the Internet in the first half of 2010.1

Gao Fei is an Associate Profes-sor and Director of Research at China Foreign Affairs University, and a Fulbright Scholar at the George Wash-ington University.

(2)

CHINA’S CYBERSECURITY CHALLENGES AND FOREIGN POLICY

Commercial Internet applica-tions are also increasingly prevalent in China, which is pushing e-commerce development and changing users’ hab-its. In 2010, over 160 million Chinese consumers shopped online, an increase of 48.6 percent from the previous year. Online payment and e-banking users have reached 137 million and 139 million respectively, with annu-al growth rates of 45.8 percent and 48.2 percent from the end of 2009.2

Chinese enterprises are increasingly dependent on the Internet for business development. As of December 2010, 94.8 percent of China’s small to medium enterprises (SMEs) are equipped with computers, and 92.7 percent have some form of Internet access. Among China’s larger enterprises, nearly 100 percent have some form of Internet access.3

The Chinese government is also pushing Internet development by advo-cating efficient e-government at all lev-els nationwide. 1999 was the “Year of E-Government.” Since then, many different government departments and levels have established their own web-sites.4 In addition to providing basic

government services, E-Government also makes it easier for government departments and units to publish infor-mation and provide policy advice. Chi-na’s E-Government drive is increasing not only governmental work efficiency, but also governmental transparency.

The PRC is still a developing coun-try, and the information technology revolution is bringing critical develop-ment opportunities. Both the Chinese government and Chinese enterprises advocate Internet infrastructure con-struction. The Chinese government contends that informatization is the driving force behind worldwide glo-balization and China’s urbanization. The information revolution has already made great strides in China over the past ten years. Ten years ago the Internet was nothing in China; now you can do nothing in China without the Internet.

China’s Vulnerabilities and

Problems

The Internet is a double-edged sword. It creates new opportuni-ties, but also brings new vulnerabilities and problems. China currently faces

severe cybersecurity challenges. China is currently one of the greatest victims of botnet attacks worldwide. A “bot-net” is a group of computers infil-trated by a hacker and infected with malicious software, generally for the purpose of attacking other information systems. These botnets are distributed across the globe. In 2007 the Hon-eynet Project, an international secu-rity research organization, found the highest number of botnets in Brazil, followed by China, Malaysia, Taiwan, Korea, and Mexico.5 The

command-and-control servers directing these

Ten years ago

the Internet was nothing

in China; now you can do nothing in China

without the Internet.

(3)

[187]

machines were are located primarily in the United States, followed by China, Korea, Germany, and the Netherlands. By the close of 2007, Symantec identi-fied around 3.2 million distinct bots worldwide. The largest numbers of bot-infected computers are found in the United States (14 percent of total bots measured), followed by Germany (9.5 percent), and China (7.8 percent).

Chinese websites are also vulner-able to malicious attacks. In September 2009, 3,513 websites were tampered with in China. Among those, 256 were government websites. The Nation-al Computer Network Emergency Response Technical Team/Coordina-tion Center of China (CNCERT/CC) has detected over 140,000 Internet cli-ents suffering from botnet infections; half of those are located in the Chinese mainland. According to China’s Minis-try of Public Security, Chinese websites, especially government websites (gov. cn), suffer outside hacking attacks at an average rate of nearly two thousand per month.6 Although the above

statis-tics were gathered by different coun-tries and organizations, at different times, and using different methodolo-gies, they all clearly demonstrate that China is facing very serious cybersecu-rity challenges across multiple fronts. Although all countries face cyber-security challenges and vulnerabili-ties, China’s problems are particularly acute. First, given the rapid growth of the Internet in China, officials who create and implement cybersecurity laws, regulations, and policies are find-ing it difficult to stay apace with the rate of change. These challenges are only increasing with the transition to high-speed broadband networks. Ongoing

inter-departmental government coor-dination exists on matters of informa-tion security, risk assessment, standards development, product development, and the fight against online crimi-nal activities. While such coordination has achieved positive results, there is no comprehensive national cyberse-curity strategy to guide these efforts.

Second, although the United States and other developed economies depend heavily on industry expertise and pub-lic-private cooperation to address their cybersecurity challenges, China’s information and communications technology (ICT) enterprises are still relatively inexperienced. Not only does the Chinese government presently lack the expertise to deal with these new security challenges, but it also does not have strong private-sector partners with substantial industry experience. Prior to the age of Internet telecommuni-cations, the government was respon-sible for security, and enterprises were responsible for production. The Internet has created a new scenario: network technology is innovating and evolving so quickly that the government cannot keep up with market demands and guarantee security without industry cooperation. Most domestic Internet enterprises in China are still relatively new private companies, and it takes time to develop the close public-private cooperation that is necessary for effec-tive security in the post-broadband era.

Third, all countries are currently struggling to find an acceptable balance between cybersecurity—which gener-ally requires some form of government oversight—and personal data privacy as well as information freedom. China is no exception. Developing

(4)

democ-CHINA’S CYBERSECURITY CHALLENGES AND FOREIGN POLICY

racy is an important goal for many people in China. In October 2010, Chinese Premier Wen Jiabao stated in a CNN interview: “I believe I and all the Chinese people have such convic-tion that China will make continuous progress and the people’s wishes and

need for democracy and freedom are irresistible… I hope you will be able to gradually see the continuous progress of China.”7 While the government is

the key force driving China’s mod-ernization, the Internet is driving the development of the mass media. For this reason, China’s social elites pay particular attention to the diverse views and debates surrounding cybersecu-rity and information freedom issues. Some elites support strict Internet con-trols to protect national security; others emphasize protecting information free-dom and encouraging technical inno-vation, similar to the U.S. approach.

Even in the United States and Euro-pean Union, both of which possess strong democratic institutions and value the free flow of information, leaders and members of the public alike are debating and weighing indi-vidual rights versus states security issues. Debating such issues openly is par-ticularly difficult in China, a state that has yet to transition toward democracy and lacks open public debate on issues that the government deems sensitive.

Fourth, lagging international coop-eration in the cyber arena increases

security challenges for all actors. The Internet has no borders, and thus no country can guarantee security on its own. The controllers of most of the bot-nets found in China were based abroad. Moreover, more than 80 percent of the cyber attacks targeting Chinese

govern-ment websites came from overseas.8 In

this new environment, where actors can use information networks to attack one another across borders and without the knowledge of the host country, tradi-tional political disputes among nations may give rise to new problems. For example, if an organization is consid-ered a terrorist group by Country A but a legitimate human rights orga-nization by B, country B may end up providing a base for this organization to attack the websites of Country A, sub-sequently leading to increased tensions among states. The absence of mutual trust magnifies the difficulties of cyber-security cooperation among nations.

China’s Cybersecurity Foreign

Policy

China is a developing country, though after thirty years of reform and opening up to the outside world, China has experienced tremendous internal change. In particular, the rapid growth of China’s economy and the country’s growing ties with the rest of the world stand out as immensely important, and have led Chinese officials to gradu-ally develop what they have dubbed as a “New Security Concept.” The basic

The absence

of mutual trust magnifies

the difficulties of cybersecurity cooperation

among nations.

(5)

[189]

tenets of this New Security Concept are mutual trust, mutual benefit, equal-ity, and consultation.9 The New

Secu-rity Concept takes a long-term view on security relations and respects other nations’ practical interests. It encour-ages nations to build trust through con-sultation and to protect national security by means of multilateral coordination.

Specifically, the New Security Con-cept emphasizes multilateral ties, which stress the interdependence among nations in terms of security; multilateral cooperation, which replaces confronta-tion as the effective route to security; comprehensive security mechanisms that possess economic, technical, social, and environmental dimensions in addi-tion to tradiaddi-tional military and political dimensions; and institution building as a legitimate means to enhancing secu-rity, rather than relying on use of the military.10 The New Security Concept

not only focuses on traditional secu-rity but also emphasizes non-tradi-tional challenges. Cybersecurity is itself a non-traditional security challenge.

The Chinese government has stated that “[i]nformation security bears on international security and stability, as well as national economy and people’s livelihood…. Under the new circum-stances with multiple security threats, rising non-traditional security factors and increasingly rampant international terrorism activities, information secu-rity has become an important issue in the field of international security.”11

China is continuously developing new laws, regulations, and technical standards to deal with new cyberse-curity challenges. At the same time, China maintains that all states must bear responsibility for appropriately

addressing issues of information securi-ty and stabilisecuri-ty, since enhanced cyberse-curity serves a common global interest. China therefore advocates bilateral and multilateral international cooperation for addressing these mutual challenges.

U.S.-China cybersecurity coopera-tion dates back to 9 June 1999. Profes-sor Wu Shizhong, Director of the China National Information Security Testing Evaluation and Certification Center (CNISTECC), told U.S. embassy offi-cials that his government was willing to cooperate with the United States on cybersecurity issues. He stated that the CNISTECC would welcome any information concerning Chinese hack-er attacks against U.S. targets, because “China and the U.S. should cooper-ate on information security matters.”12

Chinese and U.S. research institutes have now already established institu-tional cooperation. China founded the National Computer Network Emer-gency Response Technical Team/Coor-dination Center of China (CNCERT/ CC) in October 2000.13 Its main task

is to coordinate China’s nationwide Computer Emergency Reaction Team (CERT) operations to deal with online emergencies, to provide technical and service assistance, and to organize inter-national cooperation with similar agen-cies. Under the banner of its proposed East-West Institute, CNCERT has already brought together Chinese and American experts for an Institution on Sino-U.S. Cyber Security Dialogue. As of June 2010, these experts have met on three separate occasions. China and the United States are also launching inter-governmental communication meetings and dialogues on cybersecurity issues.

(6)

multilat-eral cybersecurity cooperation. Offi-cials believe that the United Nations is the appropriate forum to address information security issues. China supports the UN General Assembly and the UN Group of Governmen-tal Experts on Information Security continuing their comprehensive in-depth studies on threats and chal-lenges in the field of information security. It also supports their goal of developing reasonable and feasible measures within the context of inter-national security and arms control.14

In sum, cybersecurity has emerged as an important issue in the field of inter-national security. All countries face the same basic vulnerabilities in cyberspace. Security dilemmas may lead to a cyber arms race and to deteriorating security of cyberspace. Humankind has already suffered two World Wars and a Cold

War in the last century. Such histori-cal tragedies demand that states discard a zero-sum game mentality. Enhanc-ing cybersecurity serves the common interest of all countries and is also the common responsibility of the indi-vidual states. The global cybersecurity challenge could provide opportunities to promote international coordina-tion, to better coordinate the activi-ties and interests of governments and private sector, and to intensify com-munication among technological and service departments and ministries. Chinese leaders believe that as long as all countries acknowledge existing problems and demonstrate the political will to address them, the international community can arrive at a consen-sus regarding the appropriate means to deal with threats and challenges in the field of information security.

CHINA’S CYBERSECURITY CHALLENGES AND FOREIGN POLICY

NOTES

1 China Internet Network Information Cen-ter (CNNIC), Statistical Report on InCen-ternet Devel-opment in China, Internet, http://www1.cnnic.cn/ uploadfiles/pdf/2011/2/28/153752.pdf, 3-5 (date accessed: (29 April 2011).

2 Ibid, 42. 3 Ibid, 61.

4 All Chinese E-Government websites are located at http://www.grchina.com.

5 Markus Koettner, “Know Your Enemy: Track-ing Botnets,” Internet, http://www.honeynet.org/ papers/bots/ (date accessed: 13 May 2011).

6 “Paper of New Culture,” Internet, http:// news.163.com/10/0201/01/5UDBQDI20001124J. html (date accessed: 25 April 2011).

7 Tanya Branigan, “Wen Jiabao talks of democ-racy and freedom in CNN interview,” The Guardian, Internet, http://www.guardian.co.uk/world/2010/ oct/04/wen-jiabao-china-reform-cnn-interview (date accessed: 27 April 2011).

8 http://www.ln.xinhuanet.com/itpd/2010-11/12/ content_21379793.htm.

9 Cong Peng (Ed.), Comparative Studies: Secu-rity Concepts of Great Powers, (International Affairs Publishing House: 2004); 267-268.

10 Meng Xiangqing, ‘“Shanghai Five” Regime: Successful Practice of New Security Concept,’ PLA Daily, [Jiefangjun Bao], 12 June 2001.

11 “Information Security,” Ministry of Foreign Affairs of the People’s Republic of China, Internet, http://www.fmprc.gov.cn/eng/wjb/zzjg/jks/kjlc/qtwt/ t410768.htm (date accessed: 1 May 2011).

12 “China: Information Security, A June 1999 report from U.S. Embassy Beijing,” Internet, http:// www.fas.org/nuke/guide/china/doctrine/infscju99. html (date accessed: 30 April 2011).

13 The website for National Computer Network Emergency Response Technical Team/Coordination Center of China is www.cert.org.cn.

References

Download now ( PDF - 6 Page - 132.29 KB )

Related documents

The interplay between emotional arousal and memory processes – from large-scale to translational fMRI studies

(2019), we used multi-voxel pattern analysis (MVPA) to identify a network of brain regions that was linked to perceived arousal during the encoding of negative and neutral pictures

APPENDIX A. Application Criteria Questions

CDBG will use the parallel TSEP ranking criterion general scoring definitions to rank the project concept and technical design for the proposed CDBG project.. CDBG will use

Social Networks and Trade Liberalization

We next use the same set of parameter values for an experiment in which we eliminate a tariff on imports and again compare free trade with tariff equilibrium, but now do this in

Children s Initiatives and Programs from a QI Perspective. CalQIC Annual Conference March 15, 2018

The STRTP must be licensed by CCL, meet Mental Health Program Approval status by DHCS or the County MHP, and Medi-Cal certified by the County MHP and directly deliver or arrange

Financial Variables Having Significant Impact on Market Price of Shares

In an efficient market, share price is determined by company’s fundamental internal variables like return on assets (ROA), book value per share (BVPS), cash flow per share

Ignoring information in binary choice with continuous variables: When is less 'more'?

The goal of this paper is to provide a theoretical analysis – for the case of continuous variables – of why and when single-variable models can be more effective in binary choice

Efforts to Produce Siamese Citrus Fruit Out of Season and Fruit Quality Improvement Through Application of Potassium Nitrate and Agrodyke Fertilizer

Efforts to produce Siamese citrus fruit out of The variables observed in this study include: number of shots per tree, number of flowers per tree, percentage

The bidirectional association between sleep problems and autism spectrum disorder

ASD: Autism spectrum disorder; BSI: Brief Symptom Inventory; CBCL: Child Behavior Checklist; DSM: Diagnostic and Statistical Manual of Mental Disorders; ICPC: