Geopolitical cyber war is a fairly well established practice: You break into my nation-state thing; I’ll hack you back. President Obama and Chinese President Xi Jinping even met in Washington, D.C. this past September to discuss (and announce) the desire of both parties to curb intellectual property theft. This move came after several U.S. companies and government agencies admitted falling victim to major data breaches, supposedly at the hands of Chinese adversaries (N.B., the Chinese government has neither rebutted nor substantiated the accusation). Shortly thereafter, President Obama proposed a $19 billion Cyber Security National Action Plan aimed at protecting U.S. citizens, enterprises, and governments.
Not a swift counter but a definitive one nonetheless, the Chinese recently unveiled plans for its own, new association top help strengthen cybersecurity within the country’s borders. The Cyber Security Association of China is bolstered by major Chinese companies and research universities including Alibaba, Baidu, Tencent, the National University of Defense Technology, and Peking University. Notably, the association will be chaired by the “Father of the Great Firewall” – Fang Binxing.
Binxing is infamous for creating a system to block all domain name servers outside of China; his appointment may signal the association’s intent: even greater censorship for Chinese companies and citizens. While the stated aim of the association is to “serve as a bridge between the government and the public to organise and mobilise forces in all aspects of society to participate in building China's cybersecurity,” it’s curious that The Ministry of Industry and Information Technology of the People’s Republic of China also recently proposed new regulation that would govern which websites are allowed to operate within the country. The Ministry posted on its website that, “Internet service providers must not provide network access services for domain names connected to the domestic network but which are not managed by domestic domain name registration service bodies.” In other words – the rules within China are getting stricter and the government is exerting even more power over its populace.
Tying these two actions together, one could assume that this is a move on the part of the Chinese government to ensure that it unequivocally has a first-hand account of what’s going on at all major corporations and within the personal lives of key citizens. According to the Cyberspace Administration, China’s top Internet regulator, the association will “play a major role in cybersecurity governance,will help promote self-discipline in the related industry, and push for the establishment of industry standards.” Or it will use its expertise to force upon its citizens the highest level of security practices known so it can become a superpower. Perhaps the government is really saying it doesn’t want to leave security “best practices” to the interpretation of individuals or individual organizations.
Put up your dukes, let’s get down to it
Issues of censorship aside, agree or disagree, it’s clear that China is reacting and stepping up its game in accordance with the U.S. strike. Both governments are demonstrating their willingness to put weight behind the cybersecurity of their respective nations to better defend their country’s organizational, private, and governmental secrets. While many private sector security professionals in the U.S. have criticized the government for its lagging security practices, the current administration is at least putting on a good face when it comes to “doing better.” The Chinese, well-known for their hacking prowess, are following suit.
It will be interesting to watch as the two countries battle it out in cyberspace. Security practitioners can only hope that government efforts will actually strengthen information security, provide better training, and encourage more education in the space instead of merely trying to one-up each other.