China’s national cyberspace security strategy
December 2016
Strategies and Action Plans
Unofficial English translation of the ‘National cyberspace security strategy’ (full text)
On December 27 [2016], with the approval of the Central Leading Group for Cyberspace Security and Informatization, the Cyberspace Administration of China issued the “National Cyberspace Security Strategy”. The full text is as follows.
The widespread application of information technology and the rise and development of cyberspace have greatly promoted economic and social prosperity and progress, but have also brought new security risks and challenges. Cyberspace security (hereinafter referred to as cybersecurity) is related to the common interests of mankind, world peace and development, and the national security of all countries. Maintaining my country’s cybersecurity is an important measure to coordinate the strategic layout of building a moderately prosperous society in all respects, deepening reform in all respects, governing the country according to law in all respects, and governing the party strictly in all respects. It is also an important guarantee for achieving the “two centenary” goals and realizing the Chinese dream of the great rejuvenation of the Chinese nation. This strategy is formulated to implement President Xi Jinping’s “four principles” on promoting the reform of the global Internet governance system and the “five-point proposition” on building a community with a shared future in cyberspace, clarify China’s major position on the development and security of cyberspace, guide China’s cybersecurity work, and safeguard the country’s sovereignty, security, and development interests in cyberspace.
I. Opportunities and Challenges
1. Major Opportunities
With the rapid development of the information revolution, the cyberspace composed of the Internet, communication networks, computer systems, automated control systems, digital devices and the applications, services and data they carry is comprehensively changing people’s production and lifestyles and profoundly affecting the historical development of human society.
A new channel for information dissemination. The development of network technology has broken through the limitations of time and space, expanded the scope of dissemination, innovated the means of dissemination, and triggered a fundamental change in the dissemination pattern. The Internet has become a new channel for people to obtain information, learn and communicate, and a new carrier for the dissemination of human knowledge.
A new space for production and life. In today’s world, the Internet is deeply integrated into people’s study, life, work and other aspects. Online education, entrepreneurship, medical care, shopping, finance, etc. are becoming increasingly popular. More and more people are exchanging ideas, achieving careers and realizing their dreams through the Internet.
A new engine for economic development. The Internet is increasingly becoming a leading force in innovation-driven development. Information technology is widely used in all sectors of the national economy, promoting the transformation and upgrading of traditional industries, giving rise to new technologies, new formats, new industries, and new models, promoting economic structural adjustment and changes in economic development methods, and injecting new impetus into economic and social development.
A new carrier of cultural prosperity. The Internet has promoted cultural exchanges and knowledge popularization, released the vitality of cultural development, promoted cultural innovation and creation, enriched people’s spiritual and cultural life, and has become a new way to spread culture and a new means of providing public cultural services. Internet culture has become an important part of cultural construction.
A new platform for social governance. The role of the Internet in promoting the modernization of the national governance system and governance capacity is becoming increasingly prominent. The application of e-government is becoming more in-depth, and government information is open and shared, which has promoted the scientific, democratic and legal government decision-making, unblocked the channels for citizens to participate in social governance, and become an important way to protect citizens’ right to know, right to participate, right to express and right to supervise.
A new link for communication and cooperation. The intertwined development of informatization and globalization has promoted the global flow of information, capital, technology, talents and other factors, and enhanced the exchange and integration of different civilizations. The Internet has turned the world into a global village, and the international community has increasingly become a community of shared future where you are in me and I am in you.
A new frontier of national sovereignty. Cyberspace has become a new area of human activity that is as important as land, sea, sky and space. National sovereignty has been extended to cyberspace, and cyberspace sovereignty has become an important part of national sovereignty. Respecting cyberspace sovereignty, maintaining network security, seeking co-governance and achieving win-win results are becoming a consensus of the international community.
2. Severe challenges
The cyber security situation is becoming increasingly severe, and the country’s political, economic, cultural, social, national defense security and citizens’ legitimate rights and interests in cyberspace are facing severe risks and challenges.
Network penetration endangers political security. Political stability is the basic premise for national development and people’s happiness. Using the Internet to interfere in other countries’ internal affairs, attack other countries’ political systems, incite social unrest, subvert other countries’ regimes, as well as large-scale network monitoring and network theft seriously endanger national political security and user information security.
Cyber attacks threaten economic security. Networks and information systems have become the nerve center of key infrastructure and even the entire economic society. If they are attacked and damaged, or major security incidents occur, it will paralyze infrastructure such as energy, transportation, communications, and finance, causing catastrophic consequences and seriously endangering national economic security and public interests.
Harmful information on the Internet erodes cultural security. Various thoughts and cultures on the Internet are stirring and clashing with each other, and excellent traditional culture and mainstream values are facing impacts. Online rumors, decadent culture, and harmful information such as obscenity, violence, and superstition that violate the core socialist values erode the physical and mental health of young people, corrupt social customs, mislead value orientations, and endanger cultural security. Moral anomie and lack of integrity are frequent on the Internet, and the level of Internet civilization needs to be improved urgently.
Cyber terrorism and illegal crimes undermine social security. Terrorism, separatism, extremism and other forces use the Internet to incite, plan, organize and carry out violent terrorist activities, directly threatening people’s lives, property and social order. Computer viruses and Trojans spread in cyberspace, and illegal activities such as online fraud, hacker attacks, infringement of intellectual property rights and abuse of personal information are widespread. Some organizations wantonly steal user information, transaction data, location information and corporate trade secrets, seriously damaging the interests of the country, enterprises and individuals, and affecting social harmony and stability.
International competition in cyberspace is in the ascendant. The competition to seize and control strategic resources in cyberspace, seize the right to formulate rules and strategic commanding heights, and seek strategic initiative is becoming increasingly fierce. Some countries have strengthened their cyber deterrence strategies and intensified the arms race in cyberspace, and world peace has faced new challenges.
Cyberspace has both opportunities and challenges, with opportunities outweighing challenges. We must adhere to active use, scientific development, legal management, and security assurance, resolutely safeguard cyber security, maximize the potential for cyberspace development, better benefit the more than 1.3 billion Chinese people, benefit all mankind, and firmly safeguard world peace.
II. Objectives
Guided by the overall national security outlook, we will implement the development concept of innovation, coordination, greenness, openness and sharing, enhance risk and crisis awareness, coordinate the domestic and international situations, coordinate the two major issues of development and security, actively defend and effectively respond, promote peace, security, openness, cooperation and order in cyberspace, safeguard national sovereignty, security and development interests, and achieve the strategic goal of building a cyber power.
Peace: The abuse of information technology is effectively curbed, activities that threaten international peace, such as the arms race in cyberspace, are effectively controlled, and conflicts in cyberspace are effectively prevented.
Security: Cybersecurity risks are effectively controlled, the national cybersecurity assurance system is sound and complete, core technology equipment is safe and controllable, and network and information systems operate stably and reliably. Cybersecurity talents meet the demand, and the cybersecurity awareness, basic protection skills and confidence in using the Internet are greatly improved.
Openness: Information technology standards, policies and markets are open and transparent, product circulation and information dissemination are smoother, and the digital divide is increasingly bridged. Regardless of size, strength, poverty or wealth, all countries in the world, especially developing countries, can share development opportunities, share development results, and participate fairly in cyberspace governance.
Cooperation: Countries around the world are cooperating more closely in areas such as technological exchanges and combating cyber terrorism and cybercrime. The multilateral, democratic and transparent international Internet governance system is sound and complete, and a community with a shared future in cyberspace with win-win cooperation at its core is gradually taking shape.
Orderly: The public’s legitimate rights and interests in cyberspace, such as the right to know, the right to participate, the right to express, and the right to supervise, are fully guaranteed, personal privacy in cyberspace is effectively protected, and human rights are fully respected. The domestic and international legal systems, standards and norms for cyberspace are gradually established, cyberspace is effectively governed according to law, the cyber environment is honest, civilized, and healthy, and the free flow of information is organically unified with the maintenance of national security and public interests.
III. Principles
A safe, stable and prosperous cyberspace is of great significance to all countries and the world. China is willing to work with all countries to strengthen communication, expand consensus, deepen cooperation, actively promote the reform of the global Internet governance system, and jointly maintain peace and security in cyberspace.
1. Respecting and maintaining cyberspace sovereignty
The sovereignty of cyberspace must not be violated. We respect the rights of all countries to independently choose their own development path, network management model, Internet public policy and to equally participate in international cyberspace governance. Cyber affairs within the scope of sovereignty of each country shall be decided by the people of each country. Each country has the right to formulate laws and regulations on cyberspace in accordance with its national conditions and drawing on international experience, and take necessary measures in accordance with the law to manage its own information systems and cyber activities on its territory; protect its own information systems and information resources from intrusion, interference, attack and destruction, and safeguard the legitimate rights and interests of citizens in cyberspace; prevent, stop and punish the spread of harmful information that endangers national security and interests on its own network, and maintain the order of cyberspace. No country should pursue cyber hegemony or double standards, use the Internet to interfere in the internal affairs of other countries, or engage in, condone or support cyber activities that endanger the national security of other countries.
2. Peaceful Use of Cyberspace
The peaceful use of cyberspace is in the common interests of mankind. All countries should abide by the principle of the UN Charter that no force should be used or threatened, prevent information technology from being used for purposes that are contrary to maintaining international security and stability, and jointly resist the arms race in cyberspace and prevent conflicts in cyberspace. We should respect each other, treat each other as equals, seek common ground while reserving differences, tolerate mutual trust, respect each other’s security interests and major concerns in cyberspace, and promote the building of a harmonious cyber world. We should oppose the use of technological advantages to control other countries’ networks and information systems, collect and steal other countries’ data under the pretext of national security, and we must not seek our own so-called absolute security at the expense of other countries’ security.
3. Governing cyberspace in accordance with the law
We will comprehensively promote the rule of law in cyberspace, adhere to the rule of law in cyberspace governance, operation and access to the Internet, and ensure that the Internet operates healthily on the track of the rule of law. We will build a good network order in accordance with the law, protect the orderly and free flow of information in cyberspace in accordance with the law, protect personal privacy, and protect intellectual property rights. While any organization or individual enjoys freedom and exercises rights in cyberspace, they must abide by the law, respect the rights of others, and be responsible for their own words and deeds on the Internet.
4. Coordinate cybersecurity and development
Without cybersecurity, there is no national security; without informatization, there is no modernization. Cybersecurity and informatization are two wings of one body and two wheels of one drive. We should correctly handle the relationship between development and security, and insist on using security to ensure development and development to promote security. Security is the premise of development, and any development at the expense of security is difficult to sustain. Development is the foundation of security, and lack of development is the greatest insecurity. Without informatization, cybersecurity cannot be guaranteed, and existing security may even be lost.
IV. Strategic Mission
China has the largest number of Internet users and the largest network in the world. Maintaining China’s cyber security is not only a need for China itself, but also has great significance for maintaining global cyber security and even world peace. China is committed to safeguarding national cyberspace sovereignty, security, and development interests, promoting the Internet to benefit mankind, and promoting the peaceful use and joint governance of cyberspace.
1. Firmly defending cyberspace sovereignty
We will manage network activities within our sovereignty in accordance with the Constitution and laws and regulations, protect the security of our information facilities and information resources, and take all measures, including economic, administrative, scientific, legal, diplomatic, and military measures, to unswervingly safeguard our sovereignty in cyberspace. We will firmly oppose all acts that subvert our national regime and undermine our national sovereignty through the Internet.
2. Resolutely safeguard national security
Prevent, stop and punish according to law any act of using the Internet to commit treason, secession, sedition, subversion or incitement to subvert the people’s democratic dictatorship regime; prevent, stop and punish according to law any act of using the Internet to steal, disclose state secrets and other acts that endanger national security; prevent, stop and punish according to law any foreign forces using the Internet to carry out infiltration, sabotage, subversion and secession activities.
3. Protecting critical information infrastructure
National critical information infrastructure refers to information facilities that are related to national security, national economy and people’s livelihood, and once data is leaked, destroyed or lost, it may seriously endanger national security and public interests. It includes but is not limited to basic information networks that provide public communications, radio and television transmission and other services, energy, finance, transportation, education, scientific research, water conservancy, industrial manufacturing, medical care, social security, public utilities and other fields and important information systems of state organs, important Internet application systems, etc. Take all necessary measures to protect critical information infrastructure and its important data from attacks and damage. Adhere to the balance of technology and management, protection and deterrence, focus on identification, protection, detection, early warning, response, disposal and other links, establish and implement a critical information infrastructure protection system, increase investment in management, technology, talents, funds and other aspects, adopt comprehensive measures in accordance with the law, and effectively strengthen the security protection of critical information infrastructure.
The protection of critical information infrastructure is the common responsibility of the government, enterprises and the whole society. The competent, operating units and organizations should take necessary measures to ensure the security of critical information infrastructure in accordance with the requirements of laws, regulations and institutional standards, and gradually implement assessment before use. Strengthen the risk assessment of critical information infrastructure. Strengthen the security protection of websites in party and government agencies and key areas. The websites of grassroots party and government agencies should be built, operated and managed in an intensive mode. Establish an orderly sharing mechanism for network security information among the government, industry and enterprises, and give full play to the important role of enterprises in protecting critical information infrastructure.
Adhere to opening up to the outside world and maintain network security in an open environment. Establish and implement a network security review system, strengthen supply chain security management, conduct security reviews on important information technology products and services purchased and used by party and government agencies and key industries, improve the security and controllability of products and services, and prevent product and service providers and other organizations from using information technology advantages to engage in unfair competition or harm the interests of users.
4. Strengthening the construction of network culture
Strengthen the construction of online ideological and cultural positions, vigorously cultivate and practice the core socialist values, implement network content construction projects, develop positive network culture, spread positive energy, gather strong spiritual power, and create a good network atmosphere. Encourage the expansion of new businesses and the creation of new products, build network cultural brands that reflect the spirit of the times, and continuously improve the scale and level of the network cultural industry. Implement the online dissemination project of Chinese excellent culture, and actively promote the digitalization, networking and dissemination of excellent traditional culture and contemporary cultural masterpieces. Give full play to the advantages of the Internet dissemination platform, promote the exchange and mutual learning of excellent Chinese and foreign cultures, let people of all countries understand the excellent Chinese culture, let the Chinese people understand the excellent cultures of all countries, and jointly promote the prosperity and development of network culture, enrich people’s spiritual world, and promote the progress of human civilization.
Strengthen the construction of network ethics and network civilization, play the role of moral education and guidance, nourish the network space with the outstanding achievements of human civilization, and repair the network ecology. Build a civilized and honest network environment, advocate civilized network management and civilized Internet access, and form a safe, civilized and orderly information dissemination order. Resolutely crack down on the spread of rumors, obscenity, violence, superstition, cults and other illegal and harmful information in cyberspace. Improve the network civilization literacy of young people, strengthen the protection of minors online, and create a good network environment for the healthy growth of young people through the joint efforts of the government, social organizations, communities, schools, families and other aspects.
5. Combating cyber terrorism and crimes
Strengthen the construction of cyber counter-terrorism, counter-espionage and anti-espionage capabilities, and crack down on cyber terrorism and cyber espionage activities.
We will adhere to comprehensive management, source control, and prevention in accordance with the law, and severely crack down on illegal and criminal activities such as online fraud, online theft, gun and drug trafficking, infringement of citizens’ personal information, dissemination of obscene pornography, hacker attacks, and infringement of intellectual property rights.
6. Improving the Internet Governance System
Adhere to the legal, open and transparent management and control of the Internet, and ensure that there are laws to follow, laws must be followed, law enforcement must be strict, and violations must be investigated. Improve the legal and regulatory system for network security, formulate and promulgate laws and regulations such as the Cybersecurity Law and the Regulations on the Protection of Minors on the Internet, clarify the responsibilities and obligations of all aspects of society, and clarify the requirements for network security management. Accelerate the revision and interpretation of existing laws to make them applicable to cyberspace. Improve relevant systems for network security, establish a network trust system, and improve the scientific and standardized level of network security management.
Accelerate the construction of a network governance system that combines legal norms, administrative supervision, industry self-discipline, technical support, public supervision, and social education, promote innovation in the management of network social organizations, and improve the linkage mechanism of basic management, content management, industry management, and prevention and crackdown of network crimes. Strengthen the protection of legitimate rights and interests such as confidentiality of cyberspace communications, freedom of speech, commercial secrets, and reputation and property rights.
Encourage social organizations to participate in Internet governance, develop Internet public welfare undertakings, and strengthen the construction of new Internet social organizations. Encourage netizens to report Internet illegal activities and harmful information.
7. Strengthening the foundation of cybersecurity
Adhere to innovation-driven development, actively create a policy environment conducive to technological innovation, coordinate resources and forces, take enterprises as the main body, combine production, learning, research and application, work together to tackle key problems, take points to lead the whole, and promote as a whole, so as to make breakthroughs in core technologies as soon as possible. Pay attention to software security and accelerate the promotion and application of safe and reliable products. Develop network infrastructure and enrich the information content of cyberspace. Implement the “Internet +” action and vigorously develop the network economy. Implement the national big data strategy, establish a big data security management system, and support the innovation and application of new generation information technologies such as big data and cloud computing. Optimize the market environment, encourage network security companies to become bigger and stronger, and lay a solid industrial foundation for national network security.
Establish and improve the national cybersecurity technical support system. Strengthen the research on basic theories and major issues of cybersecurity. Strengthen cybersecurity standardization and certification and accreditation, and make greater use of standards to regulate cyberspace behavior. Do a good job in basic work such as graded protection, risk assessment, and vulnerability discovery, and improve the cybersecurity monitoring and early warning and emergency response mechanisms for major cybersecurity incidents.
Implement the cybersecurity talent project, strengthen the construction of cybersecurity disciplines and majors, build first-class cybersecurity colleges and innovation parks, and form an ecological environment conducive to talent cultivation and innovation and entrepreneurship. Organize the Cybersecurity Publicity Week activities well and vigorously carry out cybersecurity publicity and education for all. Promote cybersecurity education into textbooks, schools, and classrooms, improve network media literacy, enhance the cybersecurity awareness and protection skills of the whole society, and improve the identification and resistance of the majority of netizens to illegal and harmful information on the Internet, network fraud and other illegal and criminal activities.
8. Improving cyberspace protection capabilities
Cyberspace is a new frontier of national sovereignty. We should build a cyberspace protection force that is commensurate with my country’s international status and compatible with being a cyber power, vigorously develop cyber security defense means, timely detect and resist cyber intrusions, and build a strong backing for maintaining national cyber security.
9. Strengthening International Cooperation in Cyberspace
On the basis of mutual respect and mutual trust, we will strengthen international cyberspace dialogue and cooperation and promote changes in the global Internet governance system. We will deepen bilateral and multilateral cybersecurity dialogues and information exchanges with various countries, effectively manage differences, actively participate in global and regional cybersecurity cooperation, and promote the internationalization of basic resource management such as Internet addresses and root domain name servers.
Support the United Nations in playing a leading role, promote the formulation of international rules for cyberspace and an international counter-terrorism convention in cyberspace that are generally accepted by all parties, improve the judicial assistance mechanism for combating cybercrime, and deepen international cooperation in the fields of policies and laws, technological innovation, standards and specifications, emergency response, and protection of critical information infrastructure.
We will strengthen support and assistance for the popularization of Internet technology and infrastructure construction in developing countries and underdeveloped regions, and strive to bridge the digital divide. We will promote the construction of the Belt and Road Initiative, improve the level of international communications interconnection, and smooth the information Silk Road. We will build global Internet sharing and governance platforms such as the World Internet Conference to jointly promote the healthy development of the Internet. Through active and effective international cooperation, we will establish a multilateral, democratic, and transparent international Internet governance system, and jointly build a peaceful, secure, open, cooperative, and orderly cyberspace.