How China & Russia plan to team up against the Western world on the virtual battlefield of cyberspace

On 08 May 2015, China and Russia entered into a bilateral cybersecurity arrangement.¹ This agreement functions as a statement to the Western world—and particularly to the US—that the two nations stand united in their opposition to Western “cyber-hegemony” and will write their own rules of engagement in the cyber world.² Unfortunately, recent talks and diplomatic discussions have been ineffectual in deterring increasingly brash and harmful Chinese and Russian cyber attacks against the US.³ It is important for the US to show leadership in crafting international cybersecurity policies now, when no international system is in place. The US and its allies should jointly compose a code of international cybersecurity ethics. With a workable system of international cyber ethics in place, the US will wield far greater political clout and receive stronger support internationally.

The international cybersecurity agreement that China and Russia cosigned last May had the stated purpose of combining forces to combat foreign cyber-related threats, such as violations of national sovereignty, economic or infrastructure damage, and cyber theft or espionage. In the event of cyber attacks, the agreement states that China and Russia will respond jointly, collaborating and sharing information, tools, and technologies. The agreement outlines plans for the two countries to share scientific research and to train information security specialists jointly.¹

The language of the Sino-Russian cyber pact is nonspecific. Rather than establish new functionaries, bureaucratic organizations, or diplomatic agencies, it lays out a general intent to cooperate on the cybersecurity front while expressing common goals and grievances. Particularly of note is the document’s focus on maintaining the national sovereignty of the respective states. The agreement states a shared objective of combatting technology that might “destabilize the internal political and socio-economic atmosphere and the spiritual, moral and cultural environment” or “interfere with the internal affairs of the state.”¹ Reading between the lines, this language suggests that China and Russia unsurprisingly intend to maintain and likely increase their control over and censorship of information on the Internet.

What purpose does such a document, which fails to describe specific policies or initiatives, serve to achieve for China and Russia? Foremost, it establishes their intent to work together—to “be friends”—when it comes to future cyber attacks and Internet related threats.⁴ But more importantly, it makes a statement to the world that China and Russia are intent on making their own rules and attaining informational sovereignty, irrespective of the western world’s insistence that the Internet remain free and open. According to Diplomat writer Franz-Stefan Gady, China’s Communist Party leadership considers “Western cyber-hegemony” to be a direct threat to Chinese authority and stability.²

One purpose of the pact is to fill an existing void in international politics. Cyber attacks and cyber espionage have rocketed in recent years, yet the world still lacks any clear international doctrine of a state’s “cyber rights.” Russia and China in particular already have a track record of causing significant cybersecurity issues for the US. According to a recent DNI report, Russia has now surpassed China as the most threatening “cyber actor” to the US, relegating China to second place.⁵ Numerous recent attempts to establish cooperative cybersecurity guidelines, including US/China talks at the Asia-Pacific Economic Cooperation and the Global Conference on Cyberspace in The Hague, have been inconclusive due to conflicting interests and lack of cooperation.^{6, 7} One Russian author noted that the Sino-Russian cyber pact functioned as “an ambitious attempt at setting the rules of the game in cyberspace at the time when no such consent on norms of behavior seems currently feasible at a global scale.”⁷ The cybersecurity agreement between Russia and China thus functions as a political maneuver, reminding the US that it must contend with Eastern powers that do not share its Western philosophies.

One result of this pact will be increased governmental control of Internet usage on Chinese and Russian soil. As embodied in the agreement, China and Russia’s vision for the future of the Internet is not compatible with the Western ideal of a free and open exchange of information. Because so much of the Internet’s infrastructure lies on US soil, it is unlikely that China or Russia could materially alter the structure of the worldwide web. Within the confines of their own borders, however, China and Russia are likely to make changes for the worse. Chinese and Russian citizens are already accustomed to Internet censorship, and in light of the new pact, they should only expect Internet restrictions to increase.² Businesses operating on Chinese and Russian soil, in addition, will see increased control of their online content and webservers.

This pact does not only represent an internal crackdown, however; China and Russia have long been remarkably resourceful in their use of the Internet as a virtual battlefield, and their agreement to cooperate in cyberspace must be read in that light. China and Russia will continue to carry out offensive cyber operations, and in addition, they will likely pool their hacking resources. In the months since their cybersecurity agreement, both Russia and China have become increasingly brash and hostile on the cyber front. In one of the most recent incidents, in June 2015, it was discovered that the US Office of Personnel Management had been hacked, resulting in perhaps the most devastating intelligence leak in history.⁸ This came shortly after numerous other major attacks, including hacks of the State Department email servers, Anthem Insurance customer and employee databases, and US taxpayer records. US officials are currently considering imposing sanctions on both nations due to these and other recent cyber attacks.⁹

Sanctions are probably not a permanent solution, however. In the long term, the international community needs a clear statement on what is acceptable in the cyber world. Part of the problem is that the US arguably has not always held itself to high standards. Chinese officials are often quick to raise the subject of Edward Snowden and US spying operations, and because there is no international consensus on exactly what kinds of cyber intelligence are acceptable, the US has had no response.¹⁰ The issue is not that the US has behaved unethically by spying; every nation spies on every nation. This is normal; the Chinese government knows this, and they know that they themselves are guilty of it. The real problem is that the US wants to call its own spying “good spying” and the Chinese spying “bad spying,” but so far has no clear way to differentiate the two. Even while there is no code of cyber ethics—no delineation between acceptable forms of espionage and actual cyber warfare—only the US, not Russia and China, allows ethical qualms to stand in the way of cyber operations.

It is only a matter of time before the international community recognizes a code of cyber ethics; the only question is who will author it. If the Western world allows Russia and China to author that code, the result will be the suppression of information and free expression, increased cyber warfare, and an ever-escalating barrage of cyber threats. It is imperative that the US and its allies define a sound standard of international cyber ethics and lobby on the international stage for its adoption. With China and Russia standing openly in opposition to the Western world, supporters of a free and open Internet and of international cybersecurity need to take a stand, ensuring that principles of freedom are upheld in a changing world. ■

1. James Lewis, “Sino-Russian Cybersecurity Agreement 2015,” CSIS Tech, 15 September 2015, http://www.csistech.org/blog/2015/5/11/sino-russian-cybersecurity-agreement-2015.
2. Franz-Stefan Gady, “Have China and Russia Agreed Not to Attack Each Other in Cyberspace?” The Diplomat, 20 May 2015, http://thediplomat.com/2015/05/have-china-and-russia-agreed-not-to-attack-each-other-in-cyberspace.
3. “Report: US May Sanction Russia, China For Recent Cyber Attacks,” Global Security, 01 September 2015, http://www.globalsecurity.org/security/library/news/2015/09/sec-150901-rferl01.htm.
4. John Leyden, “Russia and China seal cyber non-hack pact,” The Register, 11 May 2015, http://www.theregister.co.uk/2015/05/11/russia_china_cyber_pact_social_media.
5. Franz-Stefan Gady, “Russia Tops China as Principal Cyber Threat to US,” The Diplomat, 03 March 2015, http://thediplomat.com/2015/03/russia-tops-china-as-principal-cyber-threat-to-us.
6. David Inserra, “Cybersecurity: Time for the US to Stop Negotiating with China and Start Acting,” The Daily Signal (Heritage Foundation), 24 November 2014, http://dailysignal.com//2014/11/24/cybersecurity-time-u-s-stop-negotiating-china-start-acting.
7. Alexandra Kulikova, “China-Russia cyber-security pact: Should the US be concerned?” Russia Direct, 21 May 2015, http://www.russia-direct.org/analysis/china-russia-cyber-security-pact-should-us-be-concerned.
8. David Auerbach, “The OPM Breach Is a Catastrophe,” Slate, 16 June 2015, http://www.slate.com/articles/technology/future_tense/2015/06/opm_hack_it_s_a_catastrophe_here_s_how_the_government_can_stop_the_next.html.
9. “Report: US May Sanction Russia, China For Recent Cyber Attacks,” Global Security, 01 September 2015, http://www.globalsecurity.org/security/library/news/2015/09/sec-150901-rferl01.htm.
10. Alexander Bowe, “Cybersecurity: We Need a Chinese Snowden,” The Diplomat, 31 July 2015, http://thediplomat.com/2015/07/cybersecurity-we-need-a-chinese-snowden/.