China’s cybersecurity sector advised to build strategically superior capability to deal with suppression of hegemonic powers: CPPCC member
Published: Mar 08, 2023 09:24 PM
A concept photo of digital city Illustration: VCG

A concept photo of digital city Illustration: VCG

China's cybersecurity sector should strengthen its efforts to build strategically superior capability to be capable of dealing with the all-around suppression launched by hegemonic powers, according to a member of the 14th National Committee of the Chinese People's Political Consultative Conference (CPPCC).

In an interview with the Global Times on Tuesday, Xiao Xinguang, a CPPCC member and founder of leading anti-virus company Antiy Labs, said that institutions and companies in cybersecurity field in China should work to build strategically superior capabilities so they can properly counter high-level attacks when dealing with attacks from certain states in high-intensity security conflicts.

"Currently, global cybersecurity risks are in continuous expansion," Xiao said. "Cybercrime alone already cost the global economy more than $1 trillion in 2021. Global economic losses from cybercrime already exceed that of physical crime."

Although China has made great progress in building its cybersecurity system and capabilities, shortcomings remain. For example, the information assets of cyberspace are scattered on the systems of different institutions, and the level of protection of network security is constrained by the risk awareness, technical capability and investment scale of the institutions, Xiao told the Global Times.

In addition, the continued increase in investment in cyberattack capabilities by some hegemonic states has led to the increased militarization of cyberspace. There is a risk of economic and social operations collapsing out of control due to high-intensity cyber attacks from actors with state backgrounds, the expert in cybersecurity said.

In recent years, China's institutions have been repeatedly subjected to cyberattacks from the US. 

In June 2022, Northwestern Polytechnical University (NWPU) in Xi'an, Northwest China's Shaanxi Province, said in a public statement that it had been the victim of cyberattacks from outside the country. Subsequently, when the authorities analyzed the data, they found that the US Office of Tailored Access Operations (TAO) of the National Security Agency (NSA) had constructed channels for remote access to some of China's infrastructure core data networks in the course of launching a cyberattack on NWPU and conducting infrastructure infiltration control.

Xiao noted that high-level cyberattacks manifest as continuous covert information theft and latent prepositioning that is difficult for the attacked organization to perceive. It is difficult for government and enterprises themselves to have sufficient technical and financial capabilities to independently counter threat of high-level cyber attacks, and more common capabilities are needed to support and empower them.

In the face of a complex international situation, the cybersecurity sector can set more aggressive goals, Xiao noted in his proposal to the two sessions this year. "Our goal should be an overall level of cyber defense that continues to narrow the gap with and partially surpass the most developed countries, with a clear advantage over neighboring countries and the ability to counter high-level and national-level attacks."

One of the problems to be solved in order to reach that goal is the inadequate levels of security investment in dealing with important and critical information systems on the operation side. In this regard, Xiao suggested that the authorities rely on methods such as hostile scenario determination and simulation rehearsal around important information systems and critical information infrastructures, and reanalyze the rationality of planning and investment in network security in terms of consequences caused by the risks.

Cyber security is an extremely complex governance system, Xiao said. Institutions being attacked are not only victims, but are also responsible for the attack. These institutions being attacked need to be monitored for accountability, corrected and inspected, and assisted with support, including increased budgetary protection.