Introduction
Cyberspace is not considered a defined area or space like air, land, sea, or outer space. Its indeterminate nature has led to a fragmented landscape of cyber sovereignty, making it challenging to establish effective global regulation under international law. Cyberspace has given leverage to the ‘Decentralised, Distributed and Privatised’ war capabilities of nations. Differences in regulating cyberspace result in techno-nationalism, where countries consider technological and scientific development critical for national security. The nature of international security has been greatly shaped by the evolution of warfare, providing state and non-state actors to carry out their cyber activities. Given the vulnerabilities of cyberspace, countries apply the concept of sovereignty to achieve their political goal under the umbrella of data privacy or censorship.
Cyber sovereignty, in simple terms, is the control of cyberspace and the dissemination of information within a country’s sovereign territory. Political scientist Thomas Rid highlights that cybersecurity is collectively formed by three activities—intelligence collection, sabotage, and subversion. Countries establish cyber sovereignty by regulating the flow of data or information, surveillance, and foreign intelligence collection to enhance national security while shaping the narratives within their boundaries.
The nature of international security has been greatly shaped by the evolution of warfare, providing state and non-state actors to carry out their cyber activities.
The concept of sovereignty in political science refers to the absolute power of the state over its territory without external interference. However, cyber sovereignty is not immune from external interference as countries may attempt to access other cyberspace through cyber-attacks. The concept of cyber sovereignty has been viewed differently by the countries. This article will highlight China’s alternative approach to regulating cyberspace and how it conceives and implements the idea of cyber sovereignty.
China’s conceptualisation of cyber sovereignty
Through cyber sovereignty, China strives to extend its sovereignty from the territorial sphere to the digital realm. At the Second World Conference in 2015 in Wuzhen, Chinese President Xi Jinping underlined the principle of cyber sovereignty and emphasised the evolving global internet governance system with equal participation from all countries. He highlighted the need for freedom and cooperation through a multilateral approach instead of establishing ‘network hegemony’, where countries control the network infrastructure and hardware to carry out cross-border information flows.
Subsequently, the sixth World Internet Conference in Wuzhen, in 2019, mentioned the natural extension of national sovereignty to cyberspace based on the United Nations (UN) framework of equal consultation, reciprocal approach, and mutual understanding. The conference also highlighted principles including fairness, non-interference, and advocating sovereign control of cyberspace.
Domestic measures to implement cyber sovereignty
China uses several domestic measures to regulate its cyberspace and strengthen its sovereignty over this virtual space. China has also activated the “Great Firewall” or Golden Shield Project as a massive censorship network to control the internet and the flow of information in the country. With no defined physical boundaries in cyberspace, ‘cyber sovereignty’ legitimises sanctions and censorship against adversaries. Central Cyberspace Affairs Commission of China is a body for surveillance that conducts investigations, blocks sites, filters information, and arrests suspects.
China has created an extensive censorship policy regulating online content to restrict the information within its territory. Social media sites including Weibo, Douyin, Bilibili and Baidu Zhidao along with search engine platforms like Baidu, and Sogou have followed strict government policies to curb the dissemination of information deemed harmful to the party’s image. These tech giants have restricted information by “hard censor”, filtering and blocking content related to China’s Communist Party.
The Chinese government leverages technological development and prioritises domestic tech companies to regulate political and social discourses and economic functions.
China exerts control over information within its borders by giving prominence to its local tech giants, collectively referred to as BATX (Baidu, Alibaba, Tencent, and Xiaomi), over their Western counterparts GAMA (Google, Amazon, Meta, and Apple). With the growing significance of digital platforms, nations can control information flow through cyberspace, gaining financial and political leverage. The Chinese government leverages technological development and prioritises domestic tech companies to regulate political and social discourses and economic functions.
China has also taken steps to solidify its cyberspace through data localisation. The Personal Information Protection Law (PIPL) and the Data Security Law (DSL) in 2021 were formulated to strengthen its regulation and cross-border data flows. These Chinese data protection laws also carry an extraterritorial effect, based on two important principles—who is processing the data and what sort of data is being processed, clearly outlining the rules for organisations to store data locally and when they can trade it abroad.
Domestic measures to control cyberspace strengthen the notion of China’s sovereignty and create a bigger picture in front of the international community. Although these domestic measures have been largely criticised by the West, several countries have followed the Chinese footprint. For example, Vietnam has introduced a new cybersecurity law giving the state the right to control or block websites.
External actions to implement cyber sovereignty
China uses offensive measures, including censorship, data localisation, malware attacks, Distributed Denial of Service (DDoS) attacks, economic and cyber espionage, attacks on government websites, and stealing Intellectual Property from pharmaceutical, energy sectors, and tech companies.
China utilises the zero-day vulnerability, an undefined security gap in the system. China applies it as a tactic for intelligence gathering, gaining access to global targets and reconnaissance activities. This gives leverage to China to strengthen its position in the South China Sea and compete with its adversaries while targeting critical infrastructure. The US has accused China of economic espionage along with accusing the Volt Typhoon, a Chinese state-sponsored espionage & hacking group of attacking its water treatment plants, electrical grid and transportation sector.
Employing external measures in cyberspace China launched the Digital Silk Road (DSR) programme, as part of the Belt and Road Initiative. China has onboarded 40 countries in various projects on digital cooperation and infrastructure building and has provided cost-effective infrastructure and surveillance technology to 138 countries across Africa, Latin America, West Asia, Eastern Europe, and Southeast Asia. More importantly, 50 percent of DSR signatory countries are in the Indo-Pacific, giving a platform for China to maintain its dominance in the regional digital governance architecture.
The US has accused China of economic espionage along with accusing the Volt Typhoon, a Chinese state-sponsored espionage & hacking group of attacking its water treatment plants, electrical grid and transportation sector.
China also advocates for multilateral bodies to regulate cyberspace. For instance, it gives prominence to the International Telecommunication Union (ITU) to counter the Internet Cooperation for Assigned Names and Numbers (ICANN), focusing on state participation and bottom-up collaboration. The multilateral approach is put forth by China for high state control and how the internet can be governed.
Through these measures, China extended its concept of sovereignty to cyberspace where states decide the policies and laws of the internet. Beijing considers the state as a de facto entity in governing the global internet with equal participation by the sovereign states responsible for communicating the claims of both its citizens and the international community.
Global response
Although China has consistently denied accusations of conducting cyberattacks, several countries have listed China as the most prominent danger to their cyber security. The UK and the US have accused China’s Advanced Persistent Threat APT31 hacking group sponsored by China’s Ministry of State Security of conducting a malicious cyber campaign against the UK’s Electoral Commission, and the US has accused China of attacking its businesses, government officials, and politicians.
China, implementing its cyber sovereignty while restricting the flow of information within its boundary has provided its clear stand for creating an alternate cyber sovereignty model.
While Western countries have criticised China for imposing its techno-authoritarianism, countries like Egypt, Tanzania, Laos, Pakistan, Vietnam, Uganda, and Zimbabwe have adopted laws similar to China’s cybersecurity regulations. This has reflected China’s influence on the global digital order where countries have followed Chinese regulations including blocking websites, data localisation, and removing digital content.
Conclusion
China takes a cyber defensive and cyber offensive approach to implement its domestic and external measures of regulating cyberspace. China, implementing its cyber sovereignty while restricting the flow of information within its boundary has provided its clear stand for creating an alternate cyber sovereignty model. Contrary to the model followed by the US which values a multi-stakeholder approach, China has pushed for a multilateral approach.
Under a multilateral approach, China has advocated for the state's role in regulating cyber laws and for strong state control over establishing cyber sovereignty. Although China’s state control has attracted few states, it has created wide criticism for undermining the rights of its citizens, foreign investments and multinational companies to regulate freely within its boundaries. Despite criticism of carrying out techno-authoritarianism and cyber espionage, China has influenced global digital governance, shaping the balance of power and providing the lens to see the non-Western approach in cyberspace.
Kalpana Pandey is a Research Intern at the Observer Research Foundation
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.