The Chinese Assistant Foreign Minister, Zheng Zeguang, set the tone for the recent ARF Cyber Workshop in Beijing when he said there should be three priorities for the nations gathered in the room. First, that they should ‘respect each other’ and ‘build political consensus’ on cyber capacity-building. According to Zheng, that’s because Asia–Pacific nations ‘differ and have different requirements’ and that there was a need to ‘accommodate all of those on the basis of mutual respect and the need for common development’. His second point was that the ASEAN Regional Forum should take a ‘pragmatic’ approach to ‘build cyber capacity together’ to include joint research on both software and hardware as well as information sharing, and that nations with greater capabilities should work to build the capacity of those that don’t. Third, this should be done in a way that all ASEAN Regional Forum members can ‘benefit together from the digital economy’.
Many of these themes should be present in the keenly anticipated and snappily titled, ‘ASEAN Regional Forum Work Plan on Security of and in the use of Information and Communications Technologies (ICTs)’, to be released by the ARF. The key purpose of the work plan is to promote a peaceful, secure, open and cooperative cyber environment, and prevent conflict and crises in cyberspace through building confidence between states in the region and capacity building.
Minister Zheng’s comments appear to resonate well with the work plan’s narrative; that the region is approaching the point of an emerging consensus on cyber capacity in the region shouldn’t be underestimated. However, the key to all of this is the interpretation of his three points, and members states’ interpretations will vary wildly depending upon where on the political ideological spectrum they sit. This became evident as the ARF progressed and the key messages emerged from some of the presentations.
The message—that cyber capacity building is going to take place in the Asia–Pacific and the ‘big players’ are getting ready to lead this effort in earnest—was clear and was received in no uncertain terms by all present. This is a positive message, as some presenters went to great pains to point out, the digital divide is still evident in the Asia-Pacific and the gaps between the ‘haves’ and the ‘have-nots’ is growing quickly. Creating some baselines will assist in raising security, stimulate economic growth and lower the potential for miscalculation or misinterpretation.
As a keen listener to the presentations it felt like the Chinese were couching themselves amongst those that were developing in this area, and to a degree this is true. Only 46% of the population has internet access which gives enormous capacity for growth, and China is only beginning to cultivate an innovation culture in this area. But this seems counter to their wish to be considered part of new ‘great power relations’ which would place China on a more level playing field with the US. Rather, the image of a fellow developing nation makes the Chinese less imposing to its smaller neighbours when it offers its cyber capacity building wares. And this could reduce suspicion of their true motives when they offer to build entire networks.
Let’s not kid ourselves that the US will differ much in its approach, despite its claims of an entirely altruistic agenda. Cyber capacity building will be used to re-enforce existing alliances and friendships and strike up new ones. Illustrating how easily the capacity building agenda will become part of the broader contest for strategic influence in the Asia–Pacific.
There are many regional nations regionally who find it hard not to accept China’s assistance in cyber capacity building. That assistance will be delivered through the lens of ‘techno-nationalism’. This part of the discussion from Chinese presenters emphasised the capability of Chinese industry to develop affordable computing for all, and how companies such as Alibaba are driving new innovative business models within China.
This can’t be disputed, but this goes hand in glove with President Xi’s ambitious drive to place China as a major cyber power. Xi’s plan includes nationalising the ICT base of China and creating an environment that pushes China to the forefront of technological advancements and gives its companies a competitive edge over foreign enterprises. It also includes the introduction of draft cyber security legislation which further legislates for content control, allows the Chinese authorities to cut internet access during public security emergencies, and set up alert systems and emergency-response measures. Furthermore, it calls for technology that supports crucial sectors to be ‘secure and controllable’ which lends itself easily to requirements for companies to build in ‘back-doors’ allowing third party access to systems, provide encryption keys or hand over source code.
Nations which are being given capacity building assistance by China will, of course, be presented policy and technical advice flavoured by this kind of techno-nationalism. They’ll need to be conscious of whether it’s the correct approach for them. Developing nations such as Myanmar, Cambodia or Laos who are at the beginning of the ICT development journey are already being wooed by all sides. They must think carefully about the kind of cyber ‘blueprint’ they want to develop.