Chinese and Russia Developing Much Stronger Cyber Ties
China and Russia have embraced parallel approaches toward the Internet and how governments should operate and govern the activities therein. Whether trying to influence norms of state behavior, promoting state sovereignty over their portions of the Internet, or signing bilateral agreements on cybersecurity, a collaboration between Beijing and Moscow rightly gives the West cause for concern. Stringent information control, unchecked cyber espionage and influence campaigns, and extensive surveillance are measures that have flourished under these two authoritarian regimes. As the world struggles to codify a state’s roles and activities in cyberspace, continued cooperation only risks to further ally two of the world’s foremost cyber powers. In turn, China and Russia solidify their joint position as a legitimate alternative to the Western preference to keep the Internet open, free, and, ostensibly, Western-influenced.
A noteworthy development in China-Russia cyber diplomacy occurred in May 2015 when the two governments signed a cybersecurity treaty that stressed a mutual non-aggression pact, as well as promoted their views on state cyber sovereignty. According to an unofficial translation, the treaty identified how information and communication technologies could be used to execute disruptive threats against a country’s stability and, more importantly, where and how the two could collaborate to mitigate these activities, including technical, legal, law enforcement, research, training, and information sharing engagement.
Such agreements are not in and of themselves noteworthy. Since national governments acknowledged the importance of the need to secure cyberspace, they have been developing national- and international-level cyber security strategies and entering into formal and informal agreements based on shared principles and aspirations. Two such notable engagements occurred in 2015 between China and the United States, and a separate agreement between members of the G20, in which stakeholders pledged not to engage in hacking for commercial advantage. It begs the question: with so many common goals, why can’t the global community create a universally accepted set of norms of behavior for states in cyberspace?
As evidenced by the indictments levied against Chinese operators by the U.S. Department of Justice, mutual non-hacking agreements have turned out to be more aspirational than practical. Even Russia continues to be targeted by Chinese hackers, despite signing the treaty. In July 2015, one computer security company tracked a campaign with a nexus to China which targeted Russian telecoms and military organizations. In 2019, two other computer security companies authored a joint report revealing how Chinese hackers, active since 2016, had been allegedly hacking Russian organizations for several years to conduct political intelligence and industrial espionage. Such activities further underscore that some governments will continue to act in their own national interests regardless of any deal, signed or promised.
As international forums like the Open-Ended Working Group (OEWG) and the United Nations (UN) Group of Government Experts (GGE) fumble their way forward on norms, China and Russia have decided to move forward on their own. The 2015 cyber security treaty is not the first time Beijing and Moscow have collaborated. Their interest in pushing forward their views on the rights of governments to control their information space tracks back to 2011 and 2015 when Beijing and Moscow, as well as the governments of Kazakhstan, the Kyrgyz Republic, Tajikistan, and Uzbekistan proposed their international code of conduct for information security.
While these two efforts have not succeeded, there is some indication that China’s and Russia’s perseverance might be winning over other governments. In November 2019, the UN adopted an anti-cybercrime pact that would set up a working group to examine global cybercrime. The resolution was backed by China and Russia and against U.S. wishes, passing 88-54, with 34 abstentions. More disconcerting is the fact that the resolution risks giving legitimacy to the Internet sovereignty espoused by Beijing and Moscow.
In a time when hostile cyber activities have become their own pandemic with no foreseeable cure in sight, Internet sovereignty appears to be gaining traction as a way to mitigate these threats. Intellectual property theft, espionage, election meddling, fake news/misinformation, and audience influence afflict most countries in some form or the other. The longer international efforts fail to codify norms or demonstrate collaborative commitment to countering cyber threats and yield tangible results, the more apt governments are to focusing on what they can control – in this case, their own portions of the global Internet.
Governments wanting to preserve social and political stability in the face of weaponized information may seek to implement proactive measures to address the threats proliferating in cyberspace to include but not limited to stricter legislation, surveillance, and monitoring social media channels. However, each of these tactics run contrary to an open and free Internet. If the West is not careful, it will find itself losing ground on the issue of Internet sovereignty and risk losing the support of governments drawn to the China/Russia position simply through a lack of a viable alternative.