Written by Emilio Iasiello.

Like all things associated with “cyber,” the question of sovereignty is one of those areas that has proven divisive in the international community. Generally, western governments continue to push back on the issue of cyber sovereignty while other governments like China maintain that it’s a government’s fundamental right to develop and regulate its portion of the larger global internet. Critics of sovereignty assert that it can be leveraged by an authoritarian government as justification to further restrict and control information and internet monitoring in the name of its state’s security interests. And while this interpretation may be valid, there is a legitimate need to increase vigilance via technological, legal, and policy initiatives to address what traverses over the networks in a country. The proliferation of cyber crime, cyber espionage, and the destructive and disruptive acts of cyber malfeasance from both large and small nation states are often facilitated via remote operations using the internet to exploit, deploy, and spread malware.

Cyber security remains an ongoing challenge for all states, and current efforts – while laudable – are clearly not reducing the volume of hostile activity around the globe. Hostile actors continue to be innovative, adaptable, and capable of developing and modifying advanced malware and exploitation tools. Therefore, implementing cyber sovereignty as an additional tool to help curb these acts makes sense. Many experts believe that a state’s sovereignty is a primary rule of international law whose territorial rights extend to both sea and air. Similarly, this principle would apply to the infrastructure and networks existing within a state’s territory.

China has not only been promoting cyber sovereignty on the world stage but also has been undergoing internal efforts such as the Great Firewall and its non-approved virtual private network ban to ensure control over what enters and leaves its networks. Over only a few years, the Chinese government has drafted and enacted a series of diverse pieces of legislation spanning anti-terrorism, cyber security, and national security among others, designed to not only improve its internet security (a priority under President Xi), but dictate how organisations within its borders use technology, reserving the right to identify and mitigate what the government deems potentially harmful. While considered economically protectionist by some, these legislative initiatives accomplish the goal of strengthening China’s strategic security interests and reinforce its belief that states have the right to manage their interior affairs. In this way, via legislation the government is implementing the internal legal framework to support its perceived right of cyber sovereignty, even if the rest of the world still debates its merits. It doesn’t matter if other state’s embrace sovereignty on an international level, China’s new laws guarantee Beijing’s right to monitor and mitigate perceived threats.

China’s cyber sovereignty views clearly indicate that its security perspective is holistic in nature and that its cyber security readiness is inextricably intertwined with its overall national security posture. That perspective has largely been rejected by a west that still prefers to view the protection of internet technology and not the information that is processed, stored, or moved through it, as the focus of security. This is surprising given that some of the more impactful cyber activities affecting the United States have come via “soft” information operations such as what occurred during the 2016 Presidential campaign. For all of the press generated by the stories of the hacking “attempts” made to gain access to state election systems, the more pertinent threat involved paid ads and the use of social media platforms to influence voters.

Indeed, the diffusion of information – not hacking – has been seen as the catalyst for the political turmoil that occurred during the Color Revolutions and the Arab Spring. These types of activities would certainly be restricted under cyber sovereignty as it’s logical to assume that governments would institute measures intended to preserve its social, political, and economic stability.

What’s more notable about China’s recent internal initiatives is that they address the cyber security challenges indicative of today’s challenges. Much of the activity associated with hacking involves the exploitation of technology and technology devices. The weaponisation of information does not. Solely concentrating on the technology side is glaringly missing a major component of the larger information security enterprise. Cyber sovereignty is a holistic approach giving a state its natural right to use whatever means necessary to protect its interests. China’s moves demonstrate it acknowledges and understands this reality, and what’s more, is doing something about it while everyone else is watching from the side.

Emilio Iasiello is currently a Senior Threat Analyst at Looking Glass Cyber Solutions having previously worked for the Defense Intelligence Agency. He has presented at NATO’s Cooperative Cyber Defense Center of Excellence. Image Credit: CC by UDOT/Flickr.