More on: China Cybersecurity

With 2012 coming to an end, here are some of the larger trends to watch in Chinese cybersecurity in the upcoming year.

New institutions/bureaucratic reform. There are rumors that there will be another round of bureaucratic reforms in the spring. Chinese analysts have pointed out that one of the great weaknesses in their defenses is that institutional oversight of cybersecurity is fragmented and ineffective, and there is a low degree of information sharing between the government and industry. There have also been complaints that China lacks adequate strategic planning for information security. In the past, efforts at ministerial reform have been underwhelming, resulting in little more than shuffling around of titles. This CCID report, however, does make the interesting suggestion that China should set up an “information security agency” to better coordinate cyber strategy.

New threats. Chinese security specialists, like their counterparts in the rest of the world, are worried about the growth of malware targeting smartphones and other mobile devices. Mobile data traffic grew tenfold in 18 months in China, accounting for some 10 percent of total global Internet activity. This year China Mobile established the country’s largest information security center in Beijing, and recently the Ministry of Industry and Information Technology announced that it would regulate the Chinese app market.

More talking, little progress. After a steady stream of announcements from U.S. officials that Chinese hackers were engaged in the widespread theft of American intellectual property, cybersecurity is now a topic of discussion at almost all high-level bilateral meetings. It was on the agenda at the 2012 Security and Economic Dialogue and was raised during Secretary Clinton’s meeting with Foreign Minister Yang Jiechi and U.S. Defense Secretary Leon Panetta dialogue with Defense Minister General Liang Guangjie. This month, at the 13th annual Defense Consultative Talks, Jim Miller, U.S. undersecretary of defense for policy, and Lieutenant General Qi Jianguo, deputy chief of the People’s Liberation Army general staff, stressed the need to avoid miscalculation on cyber, space, nuclear, and missile defense issues. On the positive side, there have been some articles in the Chinese press suggesting the need for crisis communication mechanisms, a hot line for the cyber age. On the negative side, all the talking and “naming and shaming” appear to have had little or no impact on the pace and scope of cyber espionage. In fact, the attacks are accelerating, according to Rear Admiral Samuel Cox, former director of intelligence for Cyber Command.

A coming cyber trade conflict? The report by House Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member C.A. Dutch Ruppersberger (D-MD) on the national security issues posed by Huawei and ZTE unleashed a torrent of stories in the Chinese press on the cyber threat posed by Chinese dependence on Western technology companies, and Cisco in particular (see this magazine cover, for example, with Cisco as a snake). So far, the actual response has been fairly moderate. Some analysts have called for China to create a foreign investment review board, and China Unicom reportedly replaced Cisco routers for security reasons, though American industry analysts have told me that the move was scheduled for long before the issuance of the report, and at any rate China Unicom replaced Cisco with Nortel routers. Still, Huawei’s problems continue to multiply. India has said that it will examine the risks of using Huawei products, a European Commission report called for action against the company, and a British committee is expected to find that the company poses a cybersecurity risk. If any of these reports lead to trade or investment restrictions, the Chinese government may have no choice but to respond with its own sanctions against Western technology companies.

A two Internet world. A number of reports have characterized the U.S., UK, Canada and others’ decision to walk away from the World Conference on International Communications (WCIT) without signing an updates to a 1988 treaty on international telecommunications as the first clash in a digital cold war. On one side, the U.S. and its allies said they could not sign the treaty because they wanted to preserve the free, open model of Internet governance. On the other, Russia, China and many Arab nations believe that states should have a greater say in how the Internet is managed and more ability to control the flow of information over networks. For example, in response to the introduction of "human rights obligations" in the proposed telecom treaty, the Chinese delegation noted that the "security of the state" was an equally valid concern. The end of the WCIT does not end the discussion, and we can expect Russia, China, and other authoritarian states to continue to promote their state-centric views of cybersecurity and Internet governance.