Joseph Nye has an interesting article in the Winter 2011 issue of Strategic Studies Quarterly that applies some of the lessons of the nuclear age to cybersecurity. It is well worth the read, and I thought I might try the same, using what we know about the study of Chinese technology policy to shed some light on China and cyber.
Linking cyber and technology policy is a form of techno nationalism that is widely and deeply held by Chinese policymakers. The objectives are clear: China does not want to depend on other countries for critical technologies, the United States and Japan in particular. The 2006 Medium to Long Term Plan on Science and Technology (MLP) puts it plainly: “Facts have proved that, in areas critical to the national economy and security, core technologies cannot be purchased.” The Chinese tend to see the current system as, if not unfair, then stacked against them, and so commentaries often focus on competitors’ unfair advantages (U.S. firms dominate hardware and software sectors, 10 of the 13 root servers in U.S.) and China’s victimization (China is the biggest victim of cyber crime).
With both cyber and technology, outside observers have a tendency to overstate how driven by the center China really is. Yes, the MLP sets the goal of China becoming an “innovative nation” by 2020 and a “global scientific power” by 2050. Not surprising given Chinese history and national security concerns. But the document is of two minds about how to move up the value chain, including both a top-down, big-science and technology policy as well as a bottom-up, entrepreneurial innovation strategy. In cyber, we tend to see China pursuing a coherent cyber strategy that involves pushing an Information Security Code of Conduct at the United Nations, the use of patriotic hackers, information war, and tight Internet control. Chinese analysts see the opposite, complaining that the U.S.—with the standing up of Cyber Command and promotion of the Internet Freedom agenda—has put China on the defensive and that Beijing is falling behind in cyberspace.
There is also a question of how strategically China can implement. The world of technology policy is one of sectoral and regional differentiation, with industries and provinces interpreting national regulations to serve their own interests. Ministries, universities, and government research institutes behave similarly, and Chinese firms often identify more with their Western competitors than with their local bureaucratic partners. It is hard to imagine that the Ministry of Public Security, Ministry of State Security, PLA, and Ministry of Industry and Information Technology play any nicer together in the sand box of cyber policy.
The prolific rate of cyber espionage—what Cyber Command head General Alexander called “the greatest transfer of wealth in history“—raises questions of China’s absorptive capacity. With technology imports, Chinese firms historically spent much less than Japanese and Korean companies did for diffusion and absorption. What is China doing with all of the IPR it is allegedly stealing, and shouldn’t we start to see it paying off in more competitive Chinese firms? Not much public evidence exists that it is helping Chinese companies move up the value chain (most evidence in the public domain is old fashioned theft, see DuPont, Motorola, and American Semiconductor).
Finally, technology policy may tell us something about what might work for cyber, although progress, especially in protecting intellectual property rights, has been glacially slow and uneven. The issue must be raised at the highest level, including by the President and Vice President, something that it is not clear has happened yet. Multilateral pressure should also be applied. China backed down from the compulsory introduction of WAPI, an alternative to WiFi, after the U.S. government, supported by Japan and the EU, threatened to take a case to the WTO.
Given the current state of the U.S.-China relationship in cyber, glacially slow and uneven might be an improvement.