As China rolls out its 2016 cyber security law, its drive to develop national cyberspace sovereignty continues. China’s law outlines a rules-based view of privacy and emphasizes critical infrastructure and domestic collection of citizen data. With the second largest economy in the world and the largest number of internet users, China has a tough task attempting to establish a national framework for cyber security while fostering an innovative technology sector. China is now a rule maker in cyberspace and home to a number of very large and highly capable technology companies. However, China’s lofty goals in cyberspace and innovation are undercut by its behavior in other countries.
Myriam Dunn Cavelty calls for a realistic assessment of what state institutions can do to combat cyberattacks.
When a cyberattack has been orchestrated by a state actor, people may be tempted to call it “war”. After all, it’s an attack waged on national infrastructures by a foreign power. But the term “cyber war” has been used so often for dramatic effect that I don’t just want to warn against hype. It’s also time to dampen expectations regarding the scope of governmental intervention.
In the past three years, barely a week has gone by without a report of a critical cyberattack on a business or government institution. We are constantly bombarded by revelations of new ransomware strains, new botnets executing denial of service attacks, and the rapidly expanding use of social media as a disinformation and propaganda platform.
This graphic maps the various landing stations of submarine cables in both the US and China. To find out about cybersecurity in Sino-American relations, see Marie Baezner’s recent addition to the CSS’ Analyses in Security Policy series here. For more CSS charts and graphs on defense policy, click here.
Without increased cooperation, the global digital economy is vulnerable to catastrophic cyberattack.
Information and communications technology (ICT) presents one of the most critical modern challenges to global security. Threat assessments predict that the next major international crisis could be due to a state or terrorist group weaponizing ICTs to devastate critical infrastructure or military logistics networks. The proliferation of asymmetric warfare (i.e., conflicts between nations or groups that have disparate military capabilities) has increased states’ use of ICTs, which necessitates the development of an international code of cyber conduct.