One of the justifications for the creation of the Chinese leading group on cybersecurity and information technology was the need to move China from a "big" network country to a "strong" cyber power (从网络大国走向网络强国). While China has the world’s largest number of Internet users and a vibrant domestic market, policymakers and outside analysts seem to have significant concerns about Beijing’s technological prowess, the coherence of its international strategy, and its ability to respond to the growing sophistication of cyberattacks. It is one thing to be big, it is another to be powerful.
What defines a cyber power? China’s hacking is constantly in the news, but how do Chinese leaders see their strengths and weaknesses in cyberspace and what are they trying to achieve? In an article published last week, Wang Yukai, an academic and adviser to the government, draws on the comments President Xi Jinping made when the small leading group was announced to list six indicators of cyber power:
1. Infrastructure, including network size and broadband penetration
2. A clear international strategy that lays out priorities and defends China’s right to have a voice on cyber issues
3. Independent technological capabilities, especially in the areas of operating systems and central processing units
4. The ability to defend networks, be it for national security, economic security, user privacy, or social stability and harmony
5. Competitiveness in the development of software applications, e-commerce, and online markets
6. Occupying the "commanding heights" of cyberspace
Wang believes the path to cyber power must be followed at three levels. At the national level, China needs to strengthen its institutional and legal frameworks. The leading group will help Chinese companies develop trained information technology personnel, and adapt to and adopt big data, mobile Internet, and cloud computing.
The second level is the market. The government should create a competitive market and avoid excessive intervention. At the same time, China should implement a localization strategy for information technology products, the government should favor domestic over foreign products in procurement, and Beijing should experiment with new methods of achieving state-directed innovation, including support for private companies. At the individual level, Wang sees a need to guide expression online, protect privacy, enhance the quality of users, and combat crime.
Wang does not mention the international level, but a speech by Lu Wei, chairman of the State Internet Information Office, lays out some of China’s principles. According to Lu, cyberspace must be open to the free flow of information, but also an equal playing field. There are boundaries in cyberspace, and the sovereignty of countries must be respected. Second, Lu embraces a multistakeholder approach to Internet governance, but one where responsibilities are clearly delineated: governments are responsible for security and safeguarding the people’s interests, companies should develop the industry and social responsibility, the technology community handles research, and the primary role of civil society is to encourage access.
Third, cyberspace should be safe and secure. Countries should strengthen cooperation to combat crime, and in particular "should never let the Internet become a breeding ground for terrorism." Fourth, Lu wants a cooperation that is "win-win", not "zero-sum." There should be more international meetings, with a focus on working together to increase development and access.
The content of these speeches may be less important than the presentation. Many of these points have been made before in different forum and formats. But Wang’s piece in particular, by building on Xi’s comments, give us a coherent, fairly consistent presentation of how the Chinese leadership defines cyber power. This is no guarantee that China will get there, but defining the objectives is certainly the first step.