5 minute read
China’s Cyber Policies
// Juha A. Vuori - Professor of International Politics - Tampere University
The People’s Republic of China can be counted among the top three in the great power deployment of cyber capabilities both in their military strategies and intelligence activities. China’s brand in cyber espionage has been the gathering of industrial and other economically viable information for the benefit of China’s military complex and other branches of industry. China’s policy in this regard has been seen as shifting since around the mid-2010s though. This change coincided with the revelation of severe weaknesses in the cyber security of China’s cyber operations in the form of the Mandiant report and the Snowden leaks. These prompted president Xi Jinping to produce a cyber strategy for China and set cyber defence as its own branch of the People’s Liberation Army among the large scale military restructuring he oversaw. There have also been legislative reforms that have had a bearing on China’s cyber policies both domestically and internationally. These have included legislation regarding cybersecurity and terrorism.
Advertisement
Overall, China’s cyber strategy serves three types of aims.
First are the military defence and offence capabilities of the PLA in the cyber realm. China’s military doctrine has emphasized the informatization of warfare already since the 2000s where integrated network electronic warfare denotes what generally is labelled cyber war. This has been supplemented with the inclusion of asymmetric and hybrid forms of waging war. Unlike Russia though, China is not actively engaged in any military conflicts despite having had some border skirmishes with India and expanding its position in the South China Sea. The PLA’s Strategic Support Force has been tasked with developing China’s offensive cyber capacities, and for defending China’s military and state assets.
The second task of China’s cyber strategy is economic.
While representatives of the US has admitted that it engages in industrial espionage, they also claim that such information is not used for the benefit of US companies but merely as national security intelligence. In China though, where even the PLA has been engaged in economic activities, industrial espionage has been used to develop state industries and to directly benefit particular companies. Xi’s line has been to reduce this role in the strategy though: as long as China’s industries rely on intelligence gathering for their development, they will always lag behind. Xi’s goal is to make China a cyber power and a leader in many fields of technology, which has meant that this role has been reduced.
The third task in the strategy is to guarantee the domestic security situation.
This has meant the development of the world’s most efficient surveillance and dataveillance system directed China’s own citizens. These systems that deploy facial recognition and wide scale censorship activity target both potential violent terrorist activities and political dissidence. While China is connected to the world-wide internet, it also has the capacity to isolate China and prevent most of its netizens from accessing information freely. These systems are in place to guarantee the security of the Communist Party, but they have also made online China doubly vulnerable. As citizens cannot be allowed to have secure communication without the potential for intervention, Chinese citizens and small businesses have very low levels of cyber security systems in place. Chinese cybersecurity education, industry, and culture are all underdeveloped. This has made China very vulnerable to international cyber-attacks and espionage too.
In addition to these three main missions China also engages in cyber intelligence gathering. Reducing the industrial espionage role of China’s cyber missions has meant an increase in political intelligence gathering. This is also evident in what China affiliated APT groups have publicly been identified as doing. This shift can be viewed as a normalization of China’s cyber activities and a maturation of China’s great power politics. While China’s brand is shifting away from economic espionage, it still largely avoids the use of damaging cyber capacities beyond displaying its potential for such capabilities.
China so called soft power has been evaluated as fairly weak compared to the potential its culture represents. This is also reflected in how China’s misinformation campaigns have been conducted. While China has established Chinese media outlets internationally and also produces content for international consumption, the effectiveness of its information campaigns does not compare well with those of Russia. Furthermore, the brunt of such activities takes place in East Asia and along the Belt and Road rather than the US or Europe.
Internationally, China is a proponent of internet sovereignty and the establishment of a new international treaty that would codify the conduct of cyber operations. This places China closer to Russia and directly against the position of the US that supports the application of pre-existing international law into the field of networked information spaces. Like in its overall international politics, China is against the militarization of such networks and promotes the view that states should respect the sovereignty of others and not interfere in their internal affairs. This view leaves the conduct of nondamaging intelligence gathering and low level interference such as DNS attacks in place.
When China’s cyber policies are viewed in the context of its overall foreign policy lines and the nature of its political order they appear consistent and in line with both. Even though China has been forced into a trade war with the US and is expanding its hold in the South China Sea, China still aims to keep itself off the acute security agenda of other major powers. China’s domestic policies make China vulnerable to outside cyber assaults both due to its underdeveloped cyber security culture and the ever widening dependence on electronic activities in the everyday. This vulnerability means that China will avoid escalating its cyber operations beyond interference and espionage in peacetime.
Juha A. Vuori, Professor of International Politics, Tampere University
Juha A. Vuori is Professor of International Politics at Tampere University and adjunct professor of World Politics at the University of Helsinki. Before that he was a professor of World/International Politics at the University of Helsinki and the University of Turku. Vuori has published widely on China’s politics of security and is the principal investigator of the Academy of Finland consortium Security in China. His other research interests include securitization theory, visual security studies, and nuclear weapons related issues. Vuori is former president of both the Finnish International Studies Association and the Finnish Peace Research Association, and the current treasurer of the European International Studies Association.
FURTHER READING: Austin, Greg (2018): Cybersecurity in China: The next wake. Cham: Springer. Davis, Elizabeth Van Wie (2021): Shadow warfare: Cyberwar policy in the United States, Russia, and China. New York: Rowman & Littlefield. Paltemaa, Lauri & Vuori, Juha A. (2009): Regime Transition and the Chinese Politics of Technology – From Mass Science to the Controlled Internet. Asian Journal of Political Science 17(1): 1–23. Paltemaa, Lauri & Vuori, Juha A. & Mattlin, Mikael & Katajisto, Jouko (2020): Meta-information censorship and the creation of the Chinanet Bubble. Information, Communication and Society 23(14): 2064–2080. Vuori, Juha A. & Paltemaa, Lauri (2015): The Lexicon of Fear: Chinese Internet Control Practice in Sina Weibo Microblog Censorship. Surveillance & Society 13(3/4): 400-421.
