State Council Highlights China’s Information Security Challenges

On May 9, Premier Wen Jiabao opened an executive meeting of the State Council on promoting China’s development of information technology and information security. The meeting promulgated a new opinion “Vigorously Promote Informatization Development and Earnestly Guarantee Information Security.” Premier Wen called for a clear division of labor and assignment of responsibilities as well as increased financial support for informatization (Shanghai Securities News, May 10; Xinhua, May 9). Recently released figures from Sichuan suggest this support could be substantial, boosting local information security funding nationwide by 30 percent (Sichuan News Network, May 8). The State Council meeting and its outcome shows the persistent concern for security that runs throughout Beijing’s push to modernize its information technology infrastructure. Beyond cyber security, the involvement of China’s foremost reform advocate in security affairs and a related policy initiative by a factional ally suggests a setback for China’s security chief, Zhou Yongkang.

The new opinion enumerated the following six points for developing China’s information technology infrastructure: expand China’s broadband infrastructure and deploy next generation Internet infrastructure; deepen the integration of industrialization and informatization; accelerate informatization in the social domain, including e-government; improve information services for the agricultural industry; improve information security and management; and accelerate construction of security capabilities. In four of the six categories, information security play a key role, reflecting Beijing’s concern that Chinese computers and networks are too vulnerable to attacks and inadvertent leaks—a point echoed during Defense Minister Liang Guanglie’s recent visit to Washington (Xinhua, May 9; China Daily, May 8; BBC, May 8; Outlook, May 6).

In a widely reprinted article in Outlook, one analyst observed that as Chinese government organizations depend more on information systems, the challenges of information security multiply. One of the primary concerns is how to educate users on changing their behavior to cut back on inadvertent leaks, e.g. through removable storage media and unauthorized connections between secure and unsecure systems (Outlook, May 6; April 16). These concerns have generated some novel efforts to improve cadre awareness, so officials do not fall afoul of regulations. Last year on Hainan Island, for example, security authorities led by the local party secretary, Luo Baoming, opened a museum exhibit on information security practices as well as the consequences of poor secrecy protection work. Luo saw the museum exhibit as a way to counteract dereliction of duty, ignorance and negligence as a source of information leaks (Hainan Daily, August 23, 2011).

The other part of building a modern, informatized economy is increasing China’s domestic production of information technology. Although a robust domestic industry has economic benefits, Beijing in this context is concerned with foreign countries’ abilities to build back doors into Chinese government and corporate networks—exploiting the “soft underbelly of supply-chain security.” Currently, China imports 90 percent of its microchips and networking equipment as well as 65 percent of its information security equipment and software—e.g. network firewalls, encryption and network monitoring (Outlook, April 16). The State Council’s recent meeting expands off of and puts a higher-level imprimatur on a Ministry of Industry and Information Technology directive last fall, entitled “Notice on Strengthening Security Management for Industrial Control Systems,” that highlighted the need to build security practices into the normal use of corporate and industrial networks (People’s Net, October 28, 2011).

Concurrent to the State Council session, the newly-launched “Chengdu Information Security Industry Plan Under the Twelfth Five Year Plan” offers an ambitious expansion of information security and secrecy protection work, aiming to more than double this budget by 2015 (Sichuan News Service, May 8). The ambitious investment program and explicitly competitive nature of Chengdu’s plan suggest Chinese information security efforts may suffer from being too localized. Local decisions on technology that is incompatible with other locales’ equipment and software has been a problem in the past, even in such areas as integrating public security databases considered a high priority (China Police Daily, November 18, 2009). Recent commentaries continue to note the need for greater standardization in both the human and technical elements of integrating and securing an increasingly networked China, especially in the area of information security (Outlook, May 6; April 16).

Lastly, there may be a political implication in the State Council announcement. Premier Wen is a curious figure to be announcing such a substantial spending increase on security, even though he has the economic portfolio and informatization has clear implications for the economy. While State Councilor Meng Jianzhu and a key figure behind the public security informatization probably participated in the executive meeting, Zhou Yongkang remained absent from media discussions of information technology and information security as elements of managing stability (Xinhua, May 9). Perhaps not coincidentally, Liu Qibao, the Sichuan Party Secretary with ostensible responsibility for overseeing Chengdu’s plan, also was a former senior Communist Youth League official during the 1980s. Liu’s background probably aligns him strongly with Hu Jintao’s tuanpai faction. This adds to the growing number of reasons to think Zhou has suffered some setbacks as a result of Bo Xilai’s misuse of the police force and Chen Guangcheng’s escape.