As the diplomatic moves continue in advance of the President Xi summit trip to Washington later this month, it is important to understand two distinctly different views of the Internet and cybersecurity. Both countries see the Internet as a business opportunity and a potential domain for conflict. Cyberspace is already a field for competition, but the rules and norms for operation in that field are still being written and are far from being universally accepted. There is no global international treaty on cybersecurity and China is not a party to the one convention on cybercrime.
In his writings on soft power, Joseph Nye credited the United States with an information edge with its ability to develop and disseminate knowledge through an open and collaborative system that leverages information technology and connected communication networks. Critical in this construct is the free flow of information and ideas. Content, the words, is not viewed as a threat but rather as an opportunity. Freedom of expression is considered the special ingredient that allows for intellectual development and thereby economic growth. Cybersecurity is required to protect the system to allow the free flow of ideas.
China, in contrast, considers the content of information to be a risk. The Great Firewall of China exists to keep out content that Communist Party leadership views as contrary to Chinese interests. Freedom of expression is not allowed. Facebook and Google are blocked lest information about Tiananmen or the latest industrial accident appear in contradiction to the official narrative. In China information security and the control of content is often more important than protection of networks and devices.
As the Washington summit meeting approaches, the U.S. and China have both sent signals on cyber issues. The White House has issued executive orders allowing for the sanctioning of individuals and companies deemed to be involved in cyber espionage against U.S. firms. Rumors from Washington indicate that several Chinese firms will soon be targeted with these economic sanctions that curtail their access to the U.S. financial and commercial markets although this appears to be on hold for now. Recall that the administration indicted five Chinese military officers in 2014 for commercial espionage.
China has countered with a Seattle tech summit focused on leaders from key companies such as Google, Facebook, IBM, Apple, and Microsoft hosted by President Xi prior to his arrival in Washington, DC. The surprise addition of this event in a normally scripted formal visit is an indication that China may have concerns with how U.S. policy will affect its own slowing economy. Courting both hardware and content companies, China appears to be dangling the prize of market access in an attempt to garner support from key U.S. companies eager to grow. This is interesting in light of Chinese moves earlier this year to require foreign tech companies to give Chinese authorities backdoor access to software and hardware sold to Chinese financial and communications firms.
While much of the recent news on Chinese hacking at the Office of Personnel Management is clearly related to traditional espionage activities and national security, commercial espionage is clearly ongoing as well. In May 2015, a Chinese professor was arrested and five other Chinese citizens indicted for violations of the Espionage Act for stealing trade secrets applicable to cell phones from two U.S. tech firms to use to develop rival Chinese goods. Theft of the fruits of research and development allows authoritarian regimes to leverage some of the benefits of the information edge cited by Nye. It will be interesting to see who attends the Seattle event and what emerges from it.
Clearly the cyber commons remains a potential zone of conflict for the U.S. and China. The conflicting views of freedom of expression and the desire for absolute control over information challenge policy makers on both sides to find areas for mutual agreement. Dialogue is continuing however and that is an opportunity.
If you would like to receive blogs from cybersecurity experts, please join us on Facebook and Twitter!