After years of debate, the Senate is set to take up a cyber-security bill that would force power companies and other vulnerable parts of the infrastructure to meet a certain level of security. President Obama is backing the bill, the Cybersecurity Act of 2012, as a response to "one of the most serious economic and national security challenges we face," though it has been watered down in response to industry and G.O.P. critics who oppose mandatory standards (and it very well might die in the House). China, meanwhile, is also trying to defend itself against cyber threats. For more on this, and on how the U.S. and China stack up on technology innovation, I turned to Adam Segal, the Maurice R. Greenberg Senior Fellow in China Studies at the Council on Foreign Relations. He is the author of "Advantage: How American Innovation Can Overcome the Asian Challenge," and he tweets at @adschina.
In "Chinese Computer Games," in the March/April edition of Foreign Affairs, you argued against hoping for a grand bargain: "Washington should focus on improving its defenses." President Obama supports the Cybersecurity Act of 2012. Should the Senate pass it?
We need effective legislation, but it doesn't look like the Cybersecurity Act of 2012 is going to be it. After opposition surfaced to provisions requiring power grid, gas pipeline, water supply, and other critical infrastructure providers to meet a certain level of security defined by the Department of Homeland Security, a compromise version of the bill that made industry participation voluntary was introduced. The D.H.S. will help develop best practices with industry and companies will be offered incentives to adopt them. The bill still needs votes to pass the Senate, faces stiff opposition from Senator John McCain, and it is uncertain if it will be taken up by the House before the session concludes. In the unlikely case that it does pass, the best that can be said of it will probably be that it was better than doing nothing.
While China could attack critical infrastructure, it is unlikely to do so unless the two sides are seriously considering or already engaged in military conflict. The most pressing threat from China now is cyber espionage, and if the bill fails, Congress will have to revisit the question of how the government and private sector can improve information-sharing on threats and vulnerabilities. It is interesting that as the government struggles to come up with a policy solution, an increasing number of private firms appear to be willing to consider more active defense measures. Hacking back into computers in China would be illegal, but companies are mapping out the attackers' networks and they can also plant disinformation and waste hackers' time by building fake systems.
The proliferation of Weibo and cheap smartphones seems to pose a fundamental challenge; the scale of data may grow even faster than China's ample human resources can manage. How will China's Internet censorship evolve to keep up, or is it outmatched?
I suspect the technology pendulum will continue to swing back and forth, sometimes favoring the C.C.P., other times netizens. With Chinese netizens now totaling five hundred and thirty-eight million, with three hundred and thirty-eight million accessing the Web through smartphones, data will proliferate at a massive rate and will be increasingly mobile. Chinese web users will think of new ways to outsmart censors, at least for a few hours. This is clearly putting increasing pressure on the government to be more responsive and transparent, but the state can also rely on new surveillance technologies and exploit big data to pinpoint and repress protests and dissidents.
The important change will not be simply technological but also in user behavior and expectations. Most Chinese netizens, like their counterparts every else in the world, do not use the Web for political purposes. As Rebecca MacKinnon and others have pointed out, the relatively open nature of the Web in China allows people to vent their frustration and debate, under constricted circumstances, sensitive topics, perhaps making them less likely to question the government directly. Moreover, many in China seem to accept the government's explanation that it regulates the Internet to control dangerous or harmful material like pornography. Only when these assumptions change, and when more Chinese are willing to question the legitimacy of one-party rule, will the full force of new technologies be channelled to political change.
Cyber is often mentioned as one of the leading potential flashpoints in the U.S.-China relationship. Where would you rank that risk compared to potential conflict in the South China Sea, Taiwan, or trade disputes?
While strategic mistrust is high between the two sides, Cyber alone is unlikely to be a major flashpoint. Attacks designed to steal intellectual property and other trade secrets occur with such regularity and at such a pace and scope that General Alexander, head of U.S. Cyber Command, has called them "the greatest transfer of wealth in history"—yet the United States continues to engage China on a range of issues, from Iran and Syria to trade and the environment. Washington has raised the pressure on Beijing about cyber, publicly calling out Chinese hackers and addressing it in bilateral meetings, but clearly has not made it an issue that it is willing to go to the mat for.
There is little doubt, however, that cyber will be part of any political, military, or economic conflict in the future, and that it has high a probability of making the situation more difficult to resolve. Web-site defacements were an annoyance in the standoff between China and the Philippines over the Scarborough Shoal/Huangyan Island, but more serious cyber attacks could have escalated the situation, making signalling much more complicated. This is why it is so important that the United States and China continue to talk about cyber and to develop points of contact and other communication mechanisms in case of crisis.
In "Advantage," you make the case for American "software" in innovation, but American executives often say we shouldn't be confident; they cite some familiar numbers on Chinese engineers graduating each year, rising Chinese investment in R. & D., new infrastructure, and so on. Are they right?
I agree that we should not be overconfident. Our software—the social, political, and cultural institutions and understandings that move ideas from the lab to the marketplace—cannot operate on autopilot. There is much to be done—reforming immigration and visa laws, preserving and enlarging investment in basic R. & D., reinvigorating university-industry collaboration, and re-energizing science and math education.
But much of the news over the last few years reinforces my argument that China's software is a real impediment to building a truly innovative economy. American C.E.O.s love to quote China's rising investment in R. & D., but they never follow with Chinese reporting that suggests sixty per cent of state R&D funds are lost to corruption. High-profile plagiarism and academic malfeasance cases continue to surface, and the education system struggles with fostering creativity and individual initiative. A recent study conducted by the World Bank and the State Council concluded that research quality falls short, scientists publish relatively few high-impact articles, and that the majority of Chinese patents constitute minor tweaks rather than real inventions. Market incentives are still orienting Chinese entrepreneurs to adapting technologies developed in the West for the local market, not thinking long-term and investing in high-risk, high-return breakthroughs. Most important, the government still fears the intellectual competition and freedom to debate the new ideas necessary for innovation.
This article appears in full on CFR.org by permission of its original publisher. It was originally available here.