Related Articles Commentary Paper SIIS Report
Jan 04 2016
Cyber strategies of great powers: US-China interactions and cooperation
By Lu Chuanying
China and the United States reached an important consensus on cyber security during Chinese President Xi Jinping’s US visit from September 22-25, agreeing to deepen cooperation on information sharing, anti-cybercrime, and some basic rules and norms of state behavior in cyberspace. The two cyber powers also agreed on a set of confidence-building mechanisms such as creating senior experts’ groups, setting up a high-level dialogue  and a hotline on combating cyber crimes. These are all important measures demonstrating the willingness to ease tensions and promote cyber cooperation. At the same time, it’s worth noting that the protracted and mixed pattern of competition and cooperation between the United States and China in the cyber domain will not change and in some cases, discords and disagreement will be difficult to solve. What is most challenging in terms of cyber security for the US-China relationship is how to promote bilateral cooperation, contain disputes, and manage crisis through confidence-building measures.

Different cyber security perceptions between China and the US

The most glaring gap in cyber security perceptions between the two powers is about the cyberspace itself and cyber codes of conduct. Such perception gaps give rise to discords on core cyber issues such as freedom, order, power, and resources in cyberspace.

Cyberspace has been regarded as one of the fastest-evolving strategic frontiers. There has been no uniform or agreed definition of the attributes, freedom and order, power and resources in cyberspace. The United States and China approach cyber issues based on two theoretical foundations: the former adheres to the theory of cyberspace as a form of global commons, while the latter prioritizes cyber sovereignty. The US “global commons theory” is built on its liberal tradition and the idea of “governance without government.”  This theory argues for the collective ownership of cyberspace by all humanity and against cyber sovereignty. It also holds that the private sector and the global civil society should play the leading role in cyber governance. China’s “cyber sovereignty theory” maintains that cyberspace is built in the real world, and therefore, sovereign rights cover cyberspace, granting national governments with jurisdiction over domestic cyber infrastructure and users’ data information.

China thinks that the US approach to cyberspace is out of touch with reality and points to the contradictions between the latter’s words and actions. China notes that the United States has laid out a cyber strategy, built a cyber command, and strengthened its cyber defenses, actions whose legitimacy is derived from sovereign rights. Such actions are the result of US assertion of its cyber sovereignty. China believes that the United States argues for the global commons theory to gain free access to the others’ networks by preventing other cyber actors’ assertion of cyber sovereignty and undermining their cyber power. The United States thinks that China’s advocacy of cyber sovereignty serves as an alibi for it to tighten Internet controls and censorship, which would only widen the existing divisions and undercut transparency, freedom, and operability in cyberspace. 

The two theoretical rationales lead to two strategic orientations. The global commons theory might cause nation-states to adopt offensive cyber strategies, such as massive data surveillance, collection, storage, and processing. The cyber sovereignty theory might spur states to adopt defensive cyber strategies and confine their actions strictly within sovereign jurisdictions, focusing on guarding again external penetration and intrusion. In a word, the different approaches toward cyberspace are the result of the two nations’ national conditions: different levels of development, cyber power, and cultural values. However, the Snowden revelations has create mounting international pressure on the United States and weakened it position on the global commons theory, thus narrowing the perception gap between the United States and China.

There are three reasons that can explain the disparate perceptions. First, cyberspace is a new strategic frontier and it takes time to reach broad-based consensus on its nature and attributes. Second, in the absence of a widely accepted code of conduct for cyberspace, the parties with predominant cyber power tend to take an offensive posture to preserve and acquire more cyber power while the parties in a relative weaker position are prone to be on the defensive, advocating for cyber sovereignty to ensure security and guard against potential intrusion by resorting to international law. Third, though the perception gap has been narrowing, the US and Chinese policies and approaches regarding cyber issues are far from convergent. To the contrary, both have entrenched their long-held positions.

Moreover, both side have different priorities in cyber issues. For the United States, cyber-enabled commercial espionage, which undermines American competitiveness and inflict huge losses, is the biggest threat in terms of cyber security. For China, cyber sovereignty takes precedence over other pressing issues. It stands opposed to U.S. massive surveillance programs and infiltration under the excuse of freedom of flow of information. Long before President Xi’s visit, the cyber tensions between the two sides has already been on display, with the US increasing pressure on China by threatening much severer sanctions against Chinese state-owned enterprises involved in cyber attacks on American entities.

Outcomes of US-China cyber cooperation

Ensuring cyber security is a spotlight on the outcome list of US-China cooperation. The two sides do have reached a consensus on six important areas for enhanced collaboration with respect to cyber security, namely, tackling malign cyber attacks, opposing commercial cyber espionage, cyber rule-making, combating cyber crimes, information technology trade, and security reviews of foreign investment. For the first time, the United States and China has reached a broad-base consensus on cyber issues with a view to managing discords and promoting cooperation. Its significance is manifold.

To begin with, the summit meeting between President Xi and President Obama has created a cordial context for consensus building. For quite some time, the efforts by both sides to build a major power relations have been hampered by other issues such as disagreement over cyber issues and the escalating tensions in the South China Sea. A leading presidential candidate even went so far as to call on President Obama to cancel state visit of the Chinese president. US military and security authorities also called on President Obama to impose strict sanctions on China for cyber espionage allegedly originating in China. Notwithstanding, the agreement reached between the two sides has send a strong signal that both side will make every effort to overcome the Thucydides trap by forging a new pattern of US-China relations premised on no confrontation and no conflict, mutual respect, and win-win cooperation.

Second, confidence-building measures with regard to cyber issues also conveys symbolic meanings. After the Snowden revelations, cyber cooperation between major power has become increasingly difficult. In particular, cyber cooperation between the United States and Russia was soon called off. The Sino-American consensus on cyber cooperation has serves as a demonstrative example. Soon after the two cyber power publicize the outcome list, cooperation agreements between the United States and South Korea, between China and the United Kingdom were signed. Comparing these agreement texts, one can easily conclude that the Sino-American agreement has become the prototype agreement on cyber cooperation.

Third, the Sino-American consensus could help to improve global governance in cyberspace. A UN report released in this July on the code of conduct in cyberspace has laid out a set of general agreement on cyber infrastructure protection, confidence-building measures, and international cooperation. China-US cooperation in cyberspace is a joint effort to implement the recommendations of the UN report.

US-China cooperation and competition in cyberspace

Against the backdrop of global cyber governance, a militarized and politicized pattern of competition between the United States and China seems inevitable. The cyber dimension of military power is guiding military reforms in major powers. In an information age, modern warfare has increasingly taken the form of information warfare and cyber warfare. Major powers have been devoting national resources to get ahead of others in a new, global race of military reforms by increasing their respective cyber military power. The UN report has incorporated the humanitarian principle, military necessity principle, proportionality principle, and distinction principle codified in the Law of Armed Conflict. Besides, with the growing influence of the Tallinn Manual on cyber warfare, the militarized pattern of cyber competition seems all the more inevitable.

Cyberspace has become an increasingly important theater for intelligence collection and information surveillance. What flows in cyberspace is not only information but also power and wealth. The capabilities in generating, collecting, and processing data constitutes essential elements of national competitiveness. Facing mounting international pressure after the Snowden revelations, President Obama instructed a security review of National Security Agency’s PRISM program and launched NSA reforms. However, the administration has no intention to separate NSA from the Cyber Command and replace NSA director with civilian officials. This shows that information collection is regarded as an important component of US national security.

The politicized pattern of cyber issues will also persist. In terms of state-to-state relations and global governance, issues related to human values and ethics are the most immune to changes or consensus. What divides the US and China with respect to cyber security is not only disparate understandings of national security, cyber policies, and rules and regulations, but, more importantly and fundamentally, ideological and value-based issues. Cyber freedoms and human rights have not gain prominence in the US-China cyber relationship. However, Hilary Clinton, the leading Democratic presidential candidate, has long advocated cyber freedoms, and with the growing possibility of her election as the next US president, the issue of cyber freedoms might become increasingly outstanding in the China-US relationship. The growing strategic significance and complexity of cyber issues will certainly have a direct bearing on the bilateral relationship.

Cyber cooperation as a strong case for major power relations

Cyber issues have increasingly acquired strategic importance for the US-China relationship. But if handled properly, cyber cooperation can be made a strong case and a template for major power relations in the twenty-first century. If handled roughly or even left unattended, their negative effects may spill over into other areas in the bilateral relationship, such as economic and political security. Therefore, the two sides have no other choice but to broaden and deepen cyber cooperation.

To broaden cyber cooperation requires both sides to expand their cooperation in cyber security to other areas such as cyber development and cyber freedoms. To deepen cyber cooperation means that both have to adopt a pragmatic approach and concrete measures to address cyber issues. For instance, the two sides could build upon the six-point consensus to conduct high-standard collaboration on the protection of key global cyber infrastructure, crackdown on cyber crimes, and making code of conduct for cyberspace. Both China and the United State should promise not to carry out attacks on financial institutions and entities that underpin the global economy, share information on the third-party threats to the financial sector, encourage and incentivize the banking industry to make the strictest rules for ensuring information safety, and strengthen resilience against various forms of cyber attacks.

The two side should also enhance cooperation on cyber counterterrorism. Radical terrorist groups such as the Islamic State have shown their special skills in recruiting would-be terrorists through social media. Cyberspace provides an ideal theater for potential terrorists to damage high-value assets. When they acquired the ability to wage a cyber war, the potential costs to the international community will be terribly huge. The United States and China, therefore, must collaborate and coordinate with the rest of the world to prevent and forestall such attacks.      

Source of documents