
Analysis of the Cyber Security Strategies of People’s Republic of China

2018, Güvenlik Stratejileri Dergisi

Research Article

Analysis of the Cyber Security Strategies of People’s Republic of China

Güvenlik Stratejileri, Year: 14, Issue: 28

Ali Burak DARICILI* - Barış ÖZDAL**

Abstract

People’s Republic of China (PRC) is the rising power of the international system, considering its large surface area and natural resources, large and efficient population structure, developing economy inclined to technology use, veto power in the United Nations’ Security Council, powerful military, and increasing cyber capacity. The PRC has been planning its cyber security strategy for the purposes of enabling economic growth, developing its military capacity, procuring newly emerged global technologies through cyber espionage operations, and ensuring the security and continuation of its current internal system. Accordingly, this paper will first analyze the correlation between the PRC’s current cyber security strategies and ancient war concepts, the PRC’s laws and regulations, institutional structures, official papers, documents, and plans in the cyber security area. Then, the paper will examine the basic characteristics of the PRC’s cyber security strategy and thus try to establish a perspective on the PRC’s potential cyber security policy in the short and medium term.

Keywords: People’s Republic of China, Cyber Strategy, Cyber Space, Cyber Security, Cyber Capacity.

* Ph.D., Faculty Member, Bursa Technical University, Faculty of Humanities and Social Sciences, Department of International Relations, e-mail: ali.daricili@btu.edu.tr.
** Prof. Ph.D., Uludağ University, Faculty of Economics and Administrative Sciences, Department of International Relations, e-mail: barisozdal@gmail.com.
Received: 28.02.2018 Accepted: 26.05.2018

Öz (Abstract)

Considering its large surface area and natural resources, large and productive population structure, developing economy inclined to technology use, veto power in the United Nations (UN) Security Council, powerful armed forces, and increasing cyber capacity, the People’s Republic of China (PRC) is the rising power of the international system. In general, the PRC plans its cyber security strategy for the purposes of ensuring its economic growth, developing its military capacity, procuring newly emerging technologies at the global level through cyber espionage operations, and ensuring the security and continuity of its current internal system. Considering its large population and its extensive internet infrastructure and community, it should be kept in mind that every step the PRC takes within its cyber security strategy also affects global cyber space. In this context, examining the PRC’s cyber security strategy in full detail is important for the discipline of international relations and for cyber space studies. This article will first analyze the interaction between the PRC’s current cyber security strategies and ancient war concepts, the PRC’s laws and regulations on cyber security, its institutional structures, and its official papers, documents, and plans. Then the basic characteristics of the PRC’s cyber security strategy will be examined, and an attempt will be made to establish a perspective on the PRC’s potential cyber security policy in the short and medium term.

Keywords: People’s Republic of China, Cyber Strategy, Cyber Space, Cyber Security, Cyber Capacity.
Introduction

It is clear that the PRC has become an important global power in recent years, given its large surface area, large population, and rapidly developing economic and military infrastructure. For this reason, the opinions, intentions, and plans of the PRC administrators in the military, political, economic, and technological fields are closely followed by other states. Moreover, considering that 721 million of the 3.4 billion Internet users in the world are in the PRC, the importance and effect of the PRC in setting global-scale cyber security strategies is beyond dispute. On the other hand, it should be remembered that the PRC holds the most extensive cyber security specialist staff in proportion to the users in question, and that auditing, cyber control, and management of such a large internet community requires an institutional infrastructure and strategy.

In the post-Cold War era, however, states began to develop cyber security strategies to protect their armies and intelligence units as well as their citizens from potential threats that derive from cyber space. The reason for this is that states are aware of the need to take effective measures against attacks from cyber space. In this context, states consider improving their cyber capacities in both defense and attack as a new opportunity to develop their military capacities.

Although new developments in cyber space have increased the diversity and importance of new actors besides states in the international system, it can be claimed that these developments have reinforced the role of the state at the same time. In this respect, the fact that planning any activity in cyber space is simple and can be done without leaving any trace introduces new security risks to the international system.
But developing measures to eliminate these risks has also increased the importance of states. In addition, the international system has become more uncertain and anarchic as a result of cyber attacks originating from small groups or individuals.1

In light of these evaluations of the developments in cyber space, many governments have established cyber security institutions and trained cyber experts and academics according to their cyber security strategies. In addition, considering that all these large-scale plans and strategies can be planned and implemented successfully only by states, it can be argued that states have secured the role of the dominant actor in the international system. At this point, the fact that the rules and institutions of international law controlling cyber space have still not been established leads to competitive politics rather than cooperation among states in cyber space. In this case, it can be claimed that the international system has evolved into a more uncertain and insecure structure in accordance with realpolitik paradigms.2

In this context, the PRC, which considers developments in cyber space as both a threat to its security and an opportunity to improve its military capacity, aims to produce plans and strategies like other states.

1 See more at: A. Burak Darıcılı, Siber Uzay ve Siber Güvenlik; ABD ve Rusya Federasyonu’nun Siber Güvenlik Stratejilerinin Karşılaştırmalı Analizi, Bursa, Dora Yayıncılık, pp. 33-35, 2018. Ahmet Naci Ünal, Siber Güvenlik ve Elektronik Bileşenleri, Ankara, Nobel Yayıncılık, pp. 105-122, 2015.
It can be stated that, as a result of the rapid economic and technological growth the PRC has experienced, significant developments took place in cyber security policies in the 2000s: new plans and institutional structures were established, and legislative regulations that audit and control the national cyber space were completed quickly. In other words, today the PRC has reached the position of a global superpower that can dominate cyber space together with the United States (US) and the Russian Federation (RF).3

Within the plans that have emerged since the end of the 1980s, the PRC has worked to design its cyber security strategy rapidly, primarily for defense and then for attack, especially within the scope of cyber espionage operations, in order to protect its domestic safety and stability. In this context, it can be argued that the PRC has primarily economic, political, and military objectives in its cyber security strategy. These objectives can be listed as follows:

• to procure state-of-the-art technologies of significant influence through cyber espionage operations in order to ensure economic growth and stability,
• to control the internet in order to maintain the governance of the Communist Party of China (CPC) in the country and thus to control local opposition movements, separatist foci, and possible attempts at social uprising,
• to develop measures against hostile information warfare plans based on network technologies and to resist operations aimed at intervening in the internal affairs of the country,
• to establish a significant counter-espionage structure against the cyber espionage activities planned against the CPC by foreign intelligence services,
• to support military capacity with the opportunities made possible by state-of-the-art technologies in cyber space and, at the same time, to build plans against the critical infrastructures of potentially hostile military powers, and
• to organize information warfare strategies and cyber-attack activities based on network technologies against targeted areas and governments.

On the other hand, actively planning the cyber security strategy of a global superpower like the PRC requires an overall evaluation of many variable paradigms and potential threat foci, and planning in line with the future objectives in question within the context of these evaluations. It should also be known that the PRC is tight-lipped in all the processes of establishing any strategy on national security, including its cyber security plans, and makes a particular effort to hide its real intentions.4

In this context, all the processes influencing the establishment of the strategies in question shall be examined in order to analyze the cyber security strategy of the PRC in detail. In this respect, keeping in mind that the decision-making processes that determine a country’s security strategies are directly related to that country’s social heritage, the influence of the PRC’s ancient war concepts in shaping the outlines of its contemporary cyber security policies shall also be analyzed.

2 See more at: Ibid., pp. 40-45.
3 See more at: A. Burak Darıcılı and Barış Özdal, “The Analysis on the Instruments Forming the Cyber Security Capacity of Russian Federation”, Bilig, (83), pp. 121-125, Autumn 2017.
4 Ibid., p. 9.

1. The Correlation between PRC’s Cyber Security Strategies and Ancient War Concepts

Social heritage and its contribution to the theoretical background of cyber strategic processes are often neglected in current cyber strategy analysis. However, social and cultural heritage is a factor that determines the decision-making processes, and the decisions of the actors in these processes, in the strategic plans of a state in the security field. For example, in the shaping of the current cyber policies of the RF, “war” is considered by the Russian political elite as a style of political action and an honorable image, which have been repeated throughout history. In this context, the strategic mind of the RF considers cyber space as a new area of military struggle and conflict and acknowledges technological developments as new opportunities to improve military capacity. It sets up new cyber defense and attack plans in this direction.

Chinese culture covers successes in many diverse areas, with a history that traces back to 10,000 BCE and that flourished in the geographies dominated and influenced today by the CPC. One of the most important names of this archaic cultural past is the military strategist Sun Tzu of Chinese origin, who lived in Wu State (contemporary China) in 500 BCE and is considered one of the pioneers of the realpolitik approach.
The opinion that Sun Tzu expressed in his work Art of War as “All warfare is based on deception; hence, when we are able to attack, we must seem unable; when using our forces, we must appear inactive; when we are near, we must make the enemy believe we are far away; when far away, we must make him believe we are near”5 influences the shaping of the PRC’s security policies today. In other words, the process of shaping a strategic approach is based on how much one can benefit from “cheating” and “camouflage” practices, as Sun Tzu implied in the work mentioned. Cheating and camouflage opportunities are prevalent in cyber space because of its asymmetrical and anonymous structure, which makes it possible to hide the time and source of a threat.

At this point, in accordance with Sun Tzu’s ideas, Mao Tse-Tung’s statements in On Protracted War are as follows: “...to keep the enemy in the dark about where and when our forces will attack.” This, he goes on, creates a basis “for misconceptions and unpreparedness on his part... In order to achieve victory, we must as far as possible make the enemy blind and deaf by sealing his eyes and ears and drive his commanders to distraction by creating confusion in their minds.”6 These statements are essential for the analysis of the PRC’s cyber strategy today. As can be seen, Tse-Tung suggests that deceiving the enemy and manipulating its decision-making processes is necessary for victory, and recommends that successor leaders develop strategies accordingly.

In 1995, General Wang Pu Feng took the necessary steps to put this cultural mindset into practice.

5 Sun Tzu, Savaş Sanatı, (Translated by Pınar Erturan) Ankara, Remzi Kitapevi, 2016, p. 13.
In this respect, Feng put forward that the computer systems of the Chinese People’s Liberation Army (PLA) can be used as a new instrument of both information warfare systematics and conventional military capacity, and enabled the initiation of extensive plans within the PLA in this direction.7 In our view, another important reason why Feng initiated such an attempt is that the PRC, like the rest of the world, observed the great success of the US in integrating the opportunities based on network technologies with classical warfare abilities in the First Gulf War.

Moreover, some of the statements in the book Unrestricted Warfare, written in 1999 by the retired PLA colonels Qiao Liang and Wang Xiangsui, are worthy of note in the context of the influence of archaic Chinese culture on the contemporary cyber strategic mind. In this respect, Liang and Xiangsui stated that “the PRC can overcome a struggle with a state stronger than itself through benefitting from technological advantages instead of using military power, for example the increasing dependency of the US on network technologies is a very important asymmetrical advantage and wars will be carried out in cyber spaces where weapons are not used instead of military fields in the future.”8 It is evaluated that these thoughts of the colonels are also the basis of the modern cyber security strategy of the PRC.

6 See more at: Samuel B. Griffith, Communist China’s Capacity to Make War, (Published by the Council on Foreign Affairs), https://www.foreignaffairs.com/articles/asia/1965-0101/communist-chinas-capacity-make-war (Accession Date: 16.09.2017).
7 See more at: Pierluigi Paganini, China admitted the existence of Information warfare units, http://securityaffairs.co/wordpress/35114/security/china-admit-cyberarmy.html, (Accession Date: 16.09.2017).
The PRC wants to gain an advantage by developing sophisticated cyber plans and systematics against countries that have more powerful armed forces and technological advantages than itself, such as the US, by benefitting from the anonymous and asymmetrical structure of cyber space. It tries to realize the measures it has developed or will develop towards this goal by hiding and camouflaging its actual intentions behind low-profile political approaches. At this point, it can be indicated that the modern military, security, and intelligence plans of the PRC are shaped by the principle of “collect as much information as possible about the enemy, keep your information and intentions secret”.

Another article, written by the retired PLA General Li Bingyan in accordance with the opinions mentioned above, states that “while strategy is important for Eastern societies, technological advantages are important for Western societies and, in this context, West gives great importance only having military and technological power but efficient results can be achieved with lower military and technological capacity as is done by the Eastern societies”.9 It can be claimed that this approach is also valuable for understanding the decision-making processes forming the modern cyber security strategy of the PRC.

It can be argued that the concept named “Integrated Network-Electronic Warfare (INEW)”, which was planned by General Dai Qingmin in 2002 with regard to the warfare possibilities based on network technologies, is one of the most explicit effects of the cultural heritage in question.

8 See more at: Liang Qiao and Xiangsui Wang, Unrestricted Warfare, (Unofficial translation of the book is available at http://www.c4i.org/unrestricted.pdf), 1999, PLA Literature and Arts House, pp. 204-225.
In this regard, Qingmin gave special importance to the “deception, intelligence, and physical destruction” levels in his concept, determined that the cyber capacity of the PLA shall be constituted in the forms of “operational security, deception, computer network attacks, electronic warfare, intelligence, and physical destruction”, and thus planned the integrated use of Electronic Warfare (EW) and Computer Network Warfare (CNW).10

On the other hand, the governments of the PRC from time to time bring forward harsh legal regulations and punishments in order to control the world’s most significant internet infrastructure in their country and so maintain internal stability and security. It is clear that most of Chinese society has accepted this legislation as natural without much trouble, despite various social unrests and harsh criticism from the West. This situation can be considered in terms of the “service before self” understanding in Chinese culture.11 Within this cultural context, ordinary PRC citizens consider restriction of the individual’s rights and freedoms by the authority (the dynasty in the past or the CPC government today) for the sake of social welfare, peace, and security to be a typical situation.

9 Diane E. Patton, Evaluating U.S. and Chinese Cyber Security Strategies Within a Cultural Framework, (A Research Report Submitted to the Faculty in Partial Fulfillment of the Graduation Requirements for the Degree of Master of Operational Arts and Sciences), April 2016, http://www.dtic.mil/dtic/tr/fulltext/u2/1031380.pdf (Accession Date: 12.09.2017), p. 7.
10 Monika Chansoria, Informationising’ Warfare: China Unleashes the Cyber and Space Domain, (Paper by Centre for Land Warfare Studies), http://www.claws.in/images/publication_pdf/1270592252MP_20.pdf, (Accession Date: 12.09.2017), p. 7.
11 Chansoria, op. cit., p. 8.
Another critical point shall be highlighted after the evaluation we have carried out of the effects of archaic Chinese culture on the PRC’s cyber security strategy. This critical point is that the literature used in cyber security studies in the PRC is different from the literature used in the West. In this respect, after the differences are discussed, the details of the papers and documents of the PRC’s official cyber security strategy will be studied.

2. The Terminology of Concepts Used within Cyber Security Concept in PRC

The definitional differences between the cyber security terminology used in the West and the terminology used in the PRC are important for understanding the cyber security strategy of the PRC. In this context, the terms “information security” or “network security” are generally used in the Chinese terminology instead of the cyber security concept. “Network/wangluo” is used instead of the word cyber in official, academic, and military terminology, and the cyber space concept corresponds to the “network space/saibo kangjian” concept. The “network warfare/wangluo zhan” concept is used instead of the concept of cyber warfare.12

As can be understood from the different uses of the terms in question, Chinese specialists and academicians explain every relevant term about cyber developments from a broader viewpoint and use the concept of “informatisation” instead of cyber. This concept is described as “the transition process from industrial society to information society”. The “cyber space” concept is a sub-concept of the definition of “network space” and is described by the specialists and academics as “the communication field which consists of the data processing of the humanity and the cyber space where large part of the world population is involved in”.

At this point, the cyber security concept is described as “software and physical security of computers, networks, information systems and processes” in the terminology of the West. The “network security” concept, which corresponds to this term, is conceptualized as “information systems and the content of the information are inseparable and connected parts of the information security”.

Another difference concerns the definition of “cyber warfare” in the Western terminology and the definition of “information warfare”, which is used instead of it in the Chinese terminology. While both of the concepts in question are described as “any intelligence operation or method planned through information technologies”, this concept is used purely and simply to describe psychological warfare operations, mainly those of the US and of Western origin.13

The different definitions mentioned above are mainly due to two reasons. The first of these is the socialist government system of the PRC. Chinese cyber security specialists are required to explain, within this ideological approach, the results of the developments based on network technologies, which are explained within the context of the concepts of cyber space and cyber security and considered with definitions such as cyber strategy, cyber-attack, cyber power, information warfare, cyber propaganda, etc. The other reason is the reactive attitude of the PRC towards the US and the Western world regarding the literature shaped around the concept of cyber space, and their attempts and operations to dominate the literature and the academic studies.

12 See more at: The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE), China and Cyber Attitudes, Strategies, Organizations, https://ccdcoe.org/sites/default/files/multimedia/pdf/CS_organisation_CHINA_092016.pdf, (Accession Date: 13.09.2017), p. 9.
Thus, the PRC strives to develop its own stance and a genuine system of its own, and to become a global alternative to US and Western hegemony in the military, economic, cultural, political, social, and cyber space fields.

13 See more at: Ibid., pp. 9-10.

3. The PRC’s Official Papers, Documents and Plans on Cyber Space

The end of the 1980s, which is when the civilianization and commercialization period of the internet started, is also the period in which the PRC’s official plans on cyber security were brought forward. The PRC initiated its first official attempt on information technologies at the national level in 1986 by establishing the structure named “State Economic Information Management Leading Small Group”. The “State Informatisation Leading Group (SILG)” was founded with decisions taken in 1999 and 2001. Later, the “State Network and Information Security Coordination Small Group (SNISCSG)” began working as a sub-study structure of the SILG in 2003. The main purpose of these groups is the development of the PRC in the field of information technologies.

Later, the PRC’s 10th Five Year Development Plan, published in 2001, decided that Chinese governments shall encourage local investments in the field of information technologies.14 It can be claimed that the main reason for this decision is the government’s determination and evaluation of the importance of the role of information and network technologies, in the short and medium term, in increasing the global competitive capacity of the PRC. In this regard, the rapid development of the PRC in information and network technologies is significant.

“Document 27” was declared by the SNISCSG in 2003. This document was prepared according to Mao Zedong’s “active defense”15 strategy.
This document aimed at the development of local technologies in the field of information technologies, the establishment of coordination between the institutions working in this field, and an increase in the budget for the sectors in question. In accordance with new technological developments, it was decided in 2008 to establish a new structure and dissolve the SNISCSG, following its successful work in accomplishing the objectives in question. There is open source information on which structure will run the duties that were carried out by the SNISCSG after the closing of this institution. Accordingly, the situation that emerged with the SNISCSG shall be evaluated within the framework of the “hiding the real intentions” tendency which we have examined before regarding the strategic plans of the PRC.

“The National Programme for the Development of Science and Technology in the Medium and Long Term, 2006-2020”, which was declared by the State Council of the PRC, is critical to the development of the PRC in contemporary technology and informatics. The PRC determined the development of informatics and network technologies through local sources as the main objective and put forward the argument that this objective shall be in accordance with the aim of increasing the quality of life and the standards of the Chinese people. Coordination between the institutions in the fields of informatics and technology, which had not been established successfully until 2006, was achieved through this program, and an important step was taken towards the technological level the PRC has today. This program does not have a military purpose.

14 Ibid., p. 11.
15 Active Defence is a concept of Mao Zedong which indicates the strategy proposing that an aggressive policy shall not be followed without an attack against the PRC.
Various plans have been proposed for the purposes of encouraging the informatics sector and increasing energy sources, establishing the water demand, developing environmental technologies, encouraging intellectual rights, and giving the PRC a competitive economic structure.16

As is seen, the PRC governments have placed great importance on technological development in the field of cyber security, on the production of national and local software and hardware using equity capital, and on maintaining these production processes with the support of state-funded institutions and organizations. As a result of this strategic approach, significant developments were achieved, critical strategic documents were prepared, and new organizational structures were established in the field of cyber security after 2010.

In this regard, a strategy named “New Policy Opinion (NPO)” was declared by the State Council’s Information Office (SCIO) in 2012. The main purpose of this strategy is to encourage information sharing among the institutions that are active in the field of technology and to protect information and technology security within national interests under the coordination of the State Council.

16 The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE), China and Cyber Attitudes, Strategies, Organizations, https://ccdcoe.org/sites/default/files/multimedia/pdf/CS_organisation_CHINA_092016.pdf, (Accession Date: 13.09.2017), p. 12.
The main difference of this strategy from previous documents is that it has new objectives, beyond allowing economic and technological development, such as enabling information security for state organizations and individuals and preventing social manipulation and espionage operations originating from network technologies.17

A new organization named “Central Leading Small Group for Internet Security and Informatisation” was established in 2014. It was decided that the operations of this organization would be directed by the PRC presidents, and in this way an attempt was made to highlight the importance placed by the PRC on cyberspace-based developments. The main objective of the working group was determined as establishing the required coordination and common political initiative among state organizations with the aim of developing the internet security and informatics sectors.

The fact that the unit called “Central Leading Small Group for Internet Security and Informatisation” operates under the PRC presidency shall also be evaluated as an important strategic approach in terms of taking fast and exact decisions in the field of cyber security. Thus, the PRC has aimed at reducing the loss of time in decision-making processes that originates from bureaucracy, and misjudgments in the field of cyber security.

Important developments have also been experienced in the PLA in the field of cyber security strategy based on the abovementioned strategic steps. As a result, China’s Military Strategy was declared by the PRC Ministry of Defense on 26 May 2015.

17 See more at: Adam Segal, What to Do About China’s New Cybersecurity Regulations?, https://www.cfr.org/blog/what-do-about-chinas-new-cybersecurity-regulations (Accession Date: 14.09.2017).
This document made several important points: the rapid development of the information society; the PLA’s need to establish new plans synchronized with these new conditions; the informationization of wars, and the fact that even local conflicts are influenced by this informationization process and have changed form; the necessity for the PLA to synchronize its warfare systems, command structure, and all of its military elements with network technology; and that the PLA shall evaluate cyber crises and cyber operations as a new threat and take measures against them.18

The PRC government, which has regarded scientific developments originating from space technologies, in connection with the new initiatives in the cyber security field, as a new area of opportunity for improving its military capacity, has taken steps toward developing its cyber capacity within the field of space technologies. In this framework, the summary of the document named “National Cybersecurity Strategy”, published by the Cyberspace Administration of China on 27 December 2016, stated that cyber space is an area which may create new threats to the security of the country; that any kind of scientific, technical, legal, diplomatic, and military measures will be taken by the PRC in order to eliminate the dangers originating from this area; that any kind of espionage and intervention attempts targeting the internal security of the Chinese government will be interrupted without hesitation; that measures will be taken to protect the critical infrastructure of the country; and that the PRC will support an economy with open market, transparency, and competition conditions and encourage the increase of international investments of local companies in the informatics and technology sectors.19

Another critical point of reference in the development of cyber capacity regarding space technologies is the “International Strategy of Cooperation on Cyberspace”, which was published by the PRC Ministry of Foreign Affairs and the Cyberspace Administration of China on 1 March 2017. In short, this document stated that the militarization of cyber space and its use as an area for deterrence are opposed; that such attempts damage international security and stability; that cyber space shall be audited and controlled through multi-sided governance, in which the sides shall be states, international organizations, international companies, non-governmental organizations, and even individuals; that the United Nations (UN) is an appropriate ground for determining the auditing committees in question; that foreign investments of international informatics and technology companies will be encouraged; that any kind of support will be given to foreign companies to invest in the country, provided that public benefit and national security are observed; that the governance of the internet will not be monopolized; and that the PRC prefers a multi-sided governance system.20

In this context, it can be stated that the document in question brings forward the point that cyber space shall not be militarized and not be used as an area for deterrence, referring to the claim that “increasing cyber power and cyber challenges of RF poses serious threat for the security of the US, and especially PRC became a threat in term of cyber espionage operations for the US”, which was present in the document named “National Security Strategy” declared by the US in February 2015.21 The request for governance of the internet and cyber space through a multi-sided system shall be considered a result of the long-term policy that symbolizes the PRC’s opposition to the hegemony of the US.

As is seen, the advancement of the internet, network technologies, and informatics sectors; the encouragement of local technologies in this field; the provision of cyber security for state organizations and individuals; and the prevention of possible cyber operations, espionage, and manipulation activities by hostile states against the country feature heavily in the paper, along with the documents and plans of the PRC on cyber security. In order to achieve these goals, small working groups were set up, established on the basis of periodic developments. Through such a structure, the aim is to govern the cyber security of the country, which has the world’s largest internet community, through a single authority and rapid decision-making processes without facing bureaucratic obstacles. The documents and strategies use language encouraging peace and cooperation, while emphasizing that the cyber security of the country will be defended resolutely against manipulations and leakages by foreign countries.

18 See more at: USNI News, China’s Military Strategy, https://news.usni.org/2015/05/26/document-chinas-military-strategy (Accession Date: 14.09.2017).
19 See more at: China Copyright Media, National Cybersecurity Strategy, https://chinacopyrightandmedia.wordpress.com/2016/12/27/national-cyberspace-securitystrategy/ (Accession Date: 14.09.2017).
20 See more at: Xinhuanet, International Strategy of Cooperation on Cyberspace, http://news.xinhuanet.com/english/china/2017-03/01/c_136094371.htm (Accession Date: 14.09.2017).

4. Actors in the PRC Cyber Security Strategy Management

Actors in the PRC Cyber Security Strategy Management can be divided into civil and military sides.
The civil side consists of the CPC, official institutions and working groups affiliated with the Chinese government, globally active telecommunication, technology, and informatics companies, hacker groups, and the cyber civil militia. The military side consists of units within the PLA.

The top decision-making bodies of the civil side are the Politburo Standing Committee, the State Council, and the Central Military Commission, as in all decision-making processes of the PRC. These authorities are the basic structures that take decisions on large-scale initiatives regarding the cyber security strategy of the PRC.22

On the other hand, there are various institutions founded on the instructions of the super-structures in question. For example, the Ministry of Industry and Information Technology (MIIT) was established in 2008 and has duties and responsibilities similar to those of the Department of Homeland Security of the US.23 “The National Computer Network Emergency Response Technical Team/Coordination Centre of China” (CNCERT) is a non-governmental organization founded in 2002 that acts under MIIT; it is responsible for detecting malicious software in the networks of the country, developing the necessary measures against it, and informing MIIT about these processes. MIIT also has a body called the “State Administration for Science, Technology and Industry for National Defense” (SASTIND), which drafts guidelines, policies, laws, and regulations regarding science, technology, and industry for national defense.

21 A. Burak Darıcılı, “Demokrat Parti Hack Skandalı Bağlamında ABD ve RF’nin Siber Güvenlik Stratejilerinin Analizi”, Journal of International Studies, 1 (1), 2017, p. 7.
Prior to the establishment of MIIT, a separate body called the “Commission for Science, Technology and Industry for National Defense” (COSTIND) carried out similar tasks.24

“The Ministry of Public Security” (MPS) is an organization that researches cyber crimes and takes measures to protect critical infrastructures. The MPS also has an important duty in counterespionage, acting as an auditing body over Chinese technology companies and products to be exported.

The “Ministry of State Security” (MSS) is responsible for all counter-espionage plans, including those against espionage operations originating from hostile services, and for meeting the domestic intelligence needs of the PRC. At this point, it shall be stated that the duties and authorities of the MSS are broad and extensive, as it plays an important role in the intelligence structure of the PRC. Resisting opposition movements against the CPC and information warfare operations originating from hostile countries are among the duties of this organization.

22 The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE), China and Cyber Attitudes, Strategies, Organizations, https://ccdcoe.org/sites/default/files/multimedia/pdf/CS_organisation_CHINA_092016.pdf (Accession Date: 13.09.2017), p. 19.
23 See more at: Darıcılı, “Demokrat Parti Hack…”, op. cit., pp. 8-9.
24 The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE), China and Cyber Attitudes, Strategies, Organizations, https://ccdcoe.org/sites/default/files/multimedia/pdf/CS_organisation_CHINA_092016.pdf (Accession Date: 13.09.2017), p. 16.
In this respect, it can be stated that the MSS has the same duties and responsibilities as the “Federalnaya Slujba Bezopasnosti” (FSB) of the RF and the “Federal Bureau of Investigation” (FBI) of the US.25 The MPS and the MSS both operate under the State Council.26 Other organizations operating under the State Council are the “State Encryption Bureau”, which meets the crypto needs of state institutions, and the “State Secrets Bureau”, which manages all the significantly secret network systems.27

On the other hand, the “Chinese Institute of Contemporary International Relations”, which acts directly under the MSS, the “Chinese Academy of Engineering”, and the “Chinese Academy of Sciences” have essential duties in researching cyber space-based technologies. Tsinghua University, Peking University, the Academy of Military Science, the PLA Information Engineering University, and the Cyber Security Association of China have made significant contributions to developing the technologies in question and training specialists on the subject.

As is seen, small working groups such as SILG and SNISCSG, which act with central authority and responsibility in the administration of the PRC’s cyber security policies, have essential functions. The most important reason for founding these kinds of structures is to prevent potential bureaucratic delays, which may arise given the high population and large surface area of the PRC. These structures are directly answerable to the top decision-making actors. For this reason, they can take effective decisions without losing time in the strategy-setting processes.

25 Darıcılı, “Siber Uzay ve…”, op. cit., p. 99.
26 Darıcılı, “Demokrat Parti Hack…”, op. cit., p. 18.
27 See more at: Jon Lindsay, Chinese Civilian Cybersecurity: Stakeholders, Strategies, and Policy, (Report from Workshops held at the University of California, San Diego April 2012), https://ndc.gov.bd/lib_mgmt/webroot/earticle/147/China_and_Cybersecurity.pdf (Accession Date: 16.09.2017), pp. 6-8.
Some of the telecommunications, technology, and information technology (IT) companies originating from China operate on a global scale and are among the leading companies in terms of revenue. The best-known of these companies are China Telecom, Huawei, Lenovo, and China Unicom. The management level and shareholders of such companies are directly linked to the CPC and the PLA.28 The global activities of some of these companies are frequently discussed in the context of their links with the PRC, and they are subject to various restrictions in the Western world because their products and services may be sources of PRC-based cyber espionage operations. Moreover, regarding these companies’ investments in the Western world, their attempts to purchase Western-based companies can be a matter of discussion for similar reasons.

Chinese hacker groups and cyber militia structures are other issues that should be addressed within the PRC’s cyber security strategy. In this context, hacker groups operate in cyber space either independently or in the name of the PRC. As is known, there are many such groups behind numerous attacks taking place on a global scale. At this point, the claims that the RF obtained the e-mails of some of the directors of the “Democratic National Committee” (DNC) in 2016 through cyberattack and various state-supported criminal hacker groups, and that it leaked some of these e-mails to the public, shall be remembered. According to these claims, the RF has benefitted from some hacker groups connected to secret services in its cyber operations.
Accordingly, the RF President Vladimir Putin claimed that “patriotic hacker groups may have made such plans under their own initiatives.”29 Although the use of illegal hacker groups for efficient cyber operations under the auditing and control of secret services seems to be an advantage, the condition of the PRC is different in this regard. The PRC considers that if it supports these kinds of groups, they might act against it should they get out of control, and that this may result in internal unrest and manipulations against the CPC if they interact with various opposition movements and hostile intelligence services.30

On the other hand, by its very nature, there is limited open source information on the hacker groups that are claimed to be connected with the PRC. However, the Red Hacker Alliance is the most important group that has been linked to the PRC and whose name and some activities have been publicly revealed. According to open sources, this group has thousands of members who believe in Chinese nationalism, and they transfer highly valuable information to the relevant PRC institutions through industrial and technology espionage operations within the scope of their activities abroad.31

The PRC, as discussed earlier, has the world’s most populous internet community among internet users and experts. The experts in question are the primary element of the cyber militia structure of the PRC.

28 See more at: RSAC, Comparative Study: Iran, Russia & PRC Cyber War, https://www.rsaconference.com/writable/presentations/file_upload/hta-w01-comparativestudy-iran-russia-prc-cyber-war_copy1.pdf (Accession Date: 15.09.2017).
29 See more at: Darıcılı, “Demokrat Parti Hack…”, op. cit., pp. 16-18.
In this context, all scientists, experts, engineers, and network technology capable citizens working in the telecommunication, information, and technology areas are natural members of this militia structure for the PRC. It is alleged that these individuals are not directly associated with the CPC but take part in occasional exercises within the scope of contingency planning, and that during these exercises they are trained in lines of action against cyber-attacks on the PRC.

The units under the CPC are also essential to reveal the cyberattack capacity of the PRC. The CPC has not declared a specific doctrine, contrary to the armed forces of the US and the RF. Instead, it has considered it sufficient to make several references to the subject in the “Military Strategic Guidelines”, which are published every 10 or 15 years. These references only state the importance of network technologies for today’s conflicts, that the CPC has to integrate new generation technologies into its armed capacity, and the rising importance of information warfare.32 As discussed earlier, this can seem surprising for a culture that has considered the importance of intelligence, intelligence gathering, tricks, and manipulation since Sun Tzu.

30 See more at: Tim Stevens, Breaching Protocol: The Threat of Cyberespionage, Academia.edu, http://www.academia.edu/1158361/Breaching_Protocol_The_Threat_of_Cyberespionage (Accession Date: 16.09.2017).
31 See more at: Tobias Feakin, The Cyber Dragon, (Report by the Australian Strategic Policy Institute, 2013), https://www.aspi.org.au/publications/special-report-enter-the-cyberdragon-understanding-chinese-intelligence-agencies-cyber-capabilities/10_42_31_AM_SR50_chinese_cyber.pdf (Accession Date: 16.09.2017), pp. 4-5.
In fact, this initiative stems from the fact that the real intentions and plans regarding cyber space are intended to be concealed.

In 1986, the PRC initiated “Program 863”. The main objective of this program is to develop a specific and comprehensive intelligence gathering systematics to overcome the technological differences with the Western world in the key sectors. The perspective provided by this plan led the CPC to initiate a series of reform processes that continue to this day.33 Accordingly, following several plans made over time, the Communications Department of the PLA General Staff Department was restructured into the Informatisation Department, and several smaller information-related departments were established in the PLA regions.34

Three new structures were established in 2015. These new structures are the PLA Rocket Force, the PLA Strategic Support Force, and the Army Leadership Organ. The Strategic Support Force (SSF) has by now also been given a status equal to that of the professional service branches. It will also likely form the core of China’s information warfare effort by comprising forces in the space, cyber, and electromagnetic domains, and thus it will finally gather China’s military-related informatisation activities under one umbrella.35 In addition, some sources have claimed that, with the decisions taken in recent years, the SSF controls all the cyber operations of the CPC in cyber space.

As another result of the reform processes, two executive bodies of the PLA General Staff Department, the Third and the Fourth Departments, were established. The Third Department (3/PLA) is also known as the technical department. It operates in coordination with the 2/PLA, which has duties and responsibilities in the intelligence field. At this point, as mentioned before, it can be stated that operations similar to the intelligence gathering operations of the MSS are carried out by the 3/PLA; however, the 3/PLA undertakes the plans regarding the technical side of the objectives in question, and the remaining duties are carried out by the 2/PLA. In this context, it can be claimed that the 3/PLA is mainly responsible for meeting “Signal Intelligence” (SIGINT) needs and plans its operations accordingly; thus, it has a function similar to that of the “National Security Agency” (NSA) of the US.36

Another organization which operates in coordination with the 3/PLA in gathering technical intelligence, especially SIGINT, is the “Military Region Technical Reconnaissance Bureau” (TRB). This organization serves in even military regions and it is independent of the 3/PLA. Like the 3/PLA, the TRBs’ responsibilities include not only computer network exploitation, but also cryptology and communications intelligence.37

The Fourth Department (4/PLA) has duties and responsibilities in meeting the needs of the CPC regarding “Electronic Intelligence” (ELINT) and resisting ELINT operations against the country. It also fulfills tasks such as taking measures against attacks originating from computer networks.38 It can also be stated that the 4/PLA has responsibilities similar to the duties carried out by the MSS and that, at this point, it operates in coordination with the 2/PLA and the 3/PLA; however, within these responsibilities it carries out the plans for meeting ELINT needs.

Another initiative was also launched in the CPC in 2014. In this context, the “Opinion on Further Strengthening Military Information Security Work” was published by the Central Military Commission, and the CPC’s directives for the military in the information security field were declared. The Chinese Ministry of National Defense declared China’s Military Strategy in March 2015, based on its Defense White Paper dated 2015. The Defense White Paper is vital in terms of the significance given by the CPC to the development of information warfare abilities.

32 See more at: The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE), China and Cyber Attitudes, Strategies, Organizations, https://ccdcoe.org/sites/default/files/multimedia/pdf/CS_organisation_CHINA_092016.pdf (Accession Date: 13.09.2017), pp. 19-26.
33 Nigel Inkster, “Chinese Intelligence in the Cyber Age”, Survival: Global Politics and Strategy, 55 (1), 2013, p. 50.
34 See more at: Thomas L. Timothy, Three Faces of the Cyber Dragon, Fort Leavenworth, KS, Foreign Military Studies Office, 2012, pp. 69-72.
35 See more at: John Costello, The Strategic Support Force: China’s Information Warfare Service, The Jamestown Foundation, http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews%5Btt_news%5D=45075&cHash=9758054639ab2cb6bc7868e96736b6cb#.V6RA_Lt95aQ (Accession Date: 17.09.2017).
36 See more at: Inkster, op. cit., pp. 46-49.
37 The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE), China and Cyber Attitudes, Strategies, Organizations, https://ccdcoe.org/sites/default/files/multimedia/pdf/CS_organisation_CHINA_092016.pdf (Accession Date: 13.09.2017), p. 23.
These documents have focused on the points that the CPC shall develop its cyber powers, watch out for threats coming from cyber space, develop its information warfare abilities, and increase its cyber defense capacity. It can be claimed that the PRC wants to develop its military capacity by making ample use of the opportunities and abilities based on cyber space and, moreover, that it aims to contribute to the economic development of the country by using these opportunities for industry and technology espionage.

38 See more at: Bryan Krekel, Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage, (Report by Northrop Grumman, http://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber066.pdf), (Accession Date: 17.09.2017), p. 44.

5. Regulations of the PRC for the Control of the National Cyber Space Area

The PRC enforces some measures to provide the cyber defense systematics through sophisticated methods, besides developing an efficient cyber-attack capacity. In this context, the Cybersecurity Law, which was put into force on 1 June 2017 in order to provide cyber security of the PRC, shall be examined, as it reflects the contemporary situation in the country. In this respect, the Cybersecurity Law consists of regulations on the following subjects:39

• The Cybersecurity Law pays more attention to the protection of personal information and individual privacy. It standardizes the collection and usage of personal information. Enterprises should focus not only on “data security”, but also on “individual privacy protection”, which is of greater significance. Some measures were taken to keep the personal information of PRC citizens secure; in particular, the commercial activities of foreign global companies that obtain the personal information of PRC citizens are kept under control, and standards were set by this regulation.
• This Law presents clear definitions of network operators and the security requirements regarding these network operators. Most of the larger financial institutions may become “network operators”. There are mechanisms for auditing the commercial activities of foreign network operators active in the PRC and thus resisting the cyber espionage activities that may arise through these companies.
• This Law places higher demands on the protection of critical information infrastructure. It specifies the scope of crucial information infrastructure. It also has the objective of protecting the critical infrastructures of the PRC and aims to increase the cyber defense capacity of the country against extensive cyber-attacks on the PRC.
• Regarding restrictions on the transfer of personal information and business data overseas: foreign enterprises and organizations normally need to transfer information outside China; however, the Cybersecurity Law stipulates that sensitive data must be stored domestically.
• Penalties for violating the Cybersecurity Law include the suspension of business activities; serious violations may lead to the closing of the business or the revocation of licenses, in line with the penalties put into enforcement. The maximum fine may reach RMB 1.000.000.

39 See more at: KPMG, Overview of China’s Cybersecurity Law, https://assets.kpmg.com/content/dam/kpmg/cn/pdf/en/2017/02/overview-of-cybersecurity-law.pdf (Accession Date: 20.09.2017).
As is seen, the official authorities of the PRC obtain extensive powers over the control of the internet through the law in question. The responsibilities of internet operators are increased in connection with ensuring conformity between the services they provide and these regulations, and this law obliges individual users to use their real names in their transactions on the internet. The first global company to face the compelling provisions of this law was Apple. In this respect, the PRC government warned Apple in July 2017 to remove the VPN40 applications from the AppStore in the PRC. Amazon, another leading company in the world, informed its customers that it would cancel its services if the use of unapproved VPNs was detected, in accordance with this law.41

There are also other steps taken by the PRC to make its cyber defense stronger. Some of these steps include banning some social media applications originating from the Western world, encouraging the use of national social media applications, and banning some websites altogether. For example, the PRC government banned the operations of Facebook, which was a very popular website in those days, with a decision taken in 2009. The main reason for this ban is to prevent the social movements that might arise through this social media platform.

40 VPN is the abbreviation of the term Virtual Private Network, and it is a service which enables you to connect to the internet via another IP address. A VPN makes your connection secure and enables your connection, passwords, and identity to be hidden while connecting to any network.
41 See more at: Yeni Medya, Çin’in Büyük Güvenlik Duvarı: Sansürde 21 Yıl, https://yenimedya.wordpress.com/tag/buyuk-guvenlik-duvari/ (Accession Date: 21.09.2017).
Moreover, after 2009, the PRC government tried to popularize the use of national and local social media applications through investment and incentive plans, and significant progress had been made by the year 2018. It should also be known that the usage of national and local social media applications in the PRC is under serious auditing and control. The ban on Facebook was followed by bans on other social media applications of foreign origin, such as Twitter and Snapchat. Moreover, through comprehensive and strict internet regulations enforced in 2010, the CPC banned commercial internet applications for building friendships, regulated the use of the internet in public spaces, and took precautions against the opening of web pages or blogs.

There is another very significant project which the PRC has put into force to control cyber space. This is called “the Great Firewall of China”, which is officially known as the “Golden Shield Project”. This project is the Chinese government’s project for internet censorship and surveillance. It was initiated by the Ministry of Public Security (MPS) in 1998 and has been updated periodically. Considering that an efficient and sophisticated initiative like the Golden Shield Project was put into force in the late 1990s, when the internet had just begun to be commercialized and civilianized, it shall be interpreted as a really important development showing that the PRC had by those years reached the opportunity and ability to increase its cyber defense capacity in cyber space.42 On the other hand, the project in question is actively used by the MPS today, based on the three-stage systematic stated below.

42 See more at: Stanford, The Great Firewall of China: Background, https://cs.stanford.edu/people/eroberts/cs181/projects/2010-11/FreedomOfInformationChina/the-great-firewall-of-china-background/index.html (Accession Date: 20.09.2017).
These stages are operated as indicated below:43

I. Stage: Blocking the Domain Names and IP Addresses.
II. Stage: Censorship on Keywords; in other words, if any content is pre-detected as “critical” by the government, blocking of this message.
III. Stage: The detection of VPNs; in other words, if they are used, taking criminal action against this.

Conclusion

Attacks originating from cyber space have reached a dangerous and sophisticated level today due to developments in internet and network technologies. Within this scope, cyber threats are seriously and negatively influencing the national and economic security of countries. It is obvious that developments based on internet and network technologies will influence the entire world profoundly. The civilianization and commercialization of the internet as of the 1990s has been followed by important progress in all areas of telecommunication technologies, especially smart phone technologies. The opportunities and conveniences provided by the internet have resulted in the formation of a new power factor in political, military, and economic life, besides everyday life. This has also led to discussion of new concepts, identified as cyber space and cyber security, in security studies and analyses. The warfare, attack, and defense strategies and plans of countries have started to evolve into an incredibly sophisticated and complicated structure as a result of technological developments based on the internet. We also face ordinary internet users as asymmetrical threat risks due to the new technical possibilities resulting from the widespread use of the internet all over the world.
All these developments have increased the activities of individual or state-sponsored hackers on a global scale; countries, non-governmental actors, and individuals are faced with new concepts and threat risks such as “hacking” and “leaking”. On the other hand, the US, the RF, and the PRC, which are the hegemonic powers in the global system within the scope of the current political, economic, and military possibilities, consider cyberspace-based developments as new possibilities to maintain, and even increase, the level of their skills in order to develop their military capacities. In this context, besides the great powers in question, all the countries in the world have accelerated their strategies and plans towards developing their cyber-attack and defense capacities within the possibilities and abilities in cyber space, which is an artifactual digital area.

In this context, countries have started to change their classical security understandings as a result of the enormous developments in informatics and information technologies. The objective of taking measures against new threat foci, which have become asymmetric because of the anarchic and anonymous structure of cyber space, has been emphasized in the countries’ new security understanding. Now, setting up cyber space activity as a new field of struggle, with the final end of providing the security of states, has become very important for ensuring the national security of a state. In this sense, countries want to benefit from these opportunities, primarily to secure themselves against cyber-attacks, espionage, and manipulation possibilities supported by new generation techniques based on network technologies, and subsequently to realize their objectives within their national interests.

43 See more at: Yeni Medya, loc. cit.
Following the developments in question, the PRC started to spend effort to reach an efficient cyber-attack and defense capacity within the plans set out in the late 1980s. Thus, the PRC has become an efficient cyber power in cyber space today. The PRC has also tried to develop its cyber security strategy with the purposes of enabling economic growth, developing its military capacity, procuring globally newly emerged technologies within cyber espionage operations, and enabling the security and continuation of the current internal system in which the CPC is at the center. This effort is not an unjust political approach regarding the national interests of the PRC, when it is compared to the similar plans of other countries in the international system and evaluated within the realpolitik paradigms.

In this respect, the PRC authorities have considered cyber space, which has developed since the end of the 1980s, when the civilianization and commercialization of the internet began, together with its suitable opportunities in commercial and military areas; they have also seen cyber space as an area containing serious threats to internal and external security, and thus they have started to establish their plans in this direction.

On the other hand, since every step taken by the PRC in the field of cyber security has an impact on the structure of the world’s largest internet community, it shall be monitored by the rest of the world. In this context, it shall be considered that the PRC wants to have over its territory and to accelerate its efforts on creating an alternative to the West by establishing and maintaining opposing policies against the advantages that the Western world, and especially the US, have.
It can be expected that the Shanghai Cooperation Organization (SCO), to which the PRC has contributed with the aim of influencing the international system through its opposition to the US and Western countries within its foreign political interests, will maintain its main feature of being an international ground for the PRC’s attempts to develop hegemony in the cyber space field via an interaction with the RF in the future. It shall also be expected that the PRC will not loosen its control over the internet through the laws which it enforced recently and that it may strengthen these laws where necessary in order to control possible oppositional social and separatist movements by keeping the permanent organization based on the CPC. It is possible that the PRC will maintain its control over the investments of informatics companies, social media applications and internet-based brands originating from the Western countries in the short and medium term.

Summary

The People’s Republic of China (PRC) began to make a serious effort to reach an effective cyber capacity within the plans set out towards the end of the 1980s, and today it has become an effective cyber power with the means and capability to dominate cyber space. As we have assessed in this article with general and abstract approaches, the PRC has set the development of an effective cyber security strategy as an important goal in order to ensure its economic growth and increase its military capacity. Developing plans and strategies to achieve this goal has also been identified by the PRC administration as one of its security and foreign policy priorities. At this point, looking at its security and foreign policy priorities, it can be seen that the PRC administration sets new strategies while being aware that it is not yet a superpower in the full sense. However, the PRC’s ultimate goal is to become a superpower.
In this respect, it can also be argued that in recent years the PRC’s self-confidence in international relations has grown and that there has been a visible increase in its assertiveness. On the other hand, it can also be claimed that the PRC’s cyber security strategy has taken shape in line with these findings and assessments. Accordingly, the PRC in general plans its cyber security strategy in order to ensure its economic growth, develop its military capacity, procure globally newly emerging technologies through cyber espionage operations, and ensure the security and continuity of its current internal system, in which the Communist Party of China (CPC) is at the center. In other words, an analysis of the PRC’s cyber security strategy will at the same time make possible a kind of analysis of the PRC’s security and foreign policy strategies. In addition, given its large population and its extensive internet infrastructure and community, it should be kept in mind that every step the PRC takes within its cyber security strategy also affects the global cyber space. Examining the PRC’s cyber security strategy in full detail is important for the discipline of international relations and for cyber space studies. If one tries to form a perspective for the coming period, and considering the size of the country’s population and surface area together with the established order created by the structure that has governed the country for years, it appears that it may take time for the PRC to fully achieve the positive results of the goals it has set within its cyber security strategy.
For this reason, it can also be argued that in potential cyber conflicts in cyber space with the United States of America (US), the Russian Federation (RF) or one of the other member states of the North Atlantic Treaty Organization (NATO), the PRC will, just as in its approach to other foreign policy problems, maintain a more controlled cyber power profile until it becomes a fully effective global actor. On the other hand, since every step the PRC takes in the field of cyber security will also cause changes in the structure of the world’s largest internet community, which it possesses, these steps need to be followed closely by the rest of the world. Seen in this light, the PRC is a very important market for global informatics companies, and every move and change it makes regarding its national cyber space is carefully watched by these actors and by the states in which they are headquartered. At this point, it should also be taken into account that, regarding the governance of the global internet and within its own security priorities and global commercial interests, the PRC will accelerate its efforts to create an alternative to the West by continuing its oppositional policies against the advantages held by the Western world, above all the US, and that it will want to expand its own sphere of sovereignty. It is also clear that the PRC’s plans in the field of cyber security in this direction will increase cyber competition in cyber space with the Western states led by the US.

Bibliography

Books

DARICILI, Ali Burak, Siber Uzay ve Siber Güvenlik; ABD ve Rusya Federasyonu’nun Siber Güvenlik Stratejilerinin Karşılaştırmalı Analizi, Bursa, Dora Yayıncılık, 2018.
TIMOTHY, Thomas L., Three Faces of the Cyber Dragon, Fort Leavenworth, KS, Foreign Military Studies Office, 2012.
TZU, Sun, Savaş Sanatı (Translated by Pınar Erturan), İstanbul, Remzi Kitapevi, 2016.
ÜNAL, Ahmet Naci, Siber Güvenlik ve Elektronik Bileşenleri, Ankara, Nobel Yayıncılık, 2015.

Articles and Book Chapters

DARICILI, Ali Burak, “Demokrat Parti Hack Skandalı Bağlamında ABD ve RF’nin Siber Güvenlik Stratejilerinin Analizi”, Journal of International Studies, 1 (1), 2017, pp. 1-24.
DARICILI, Ali Burak and Barış Özdal, “The Analysis on the Instruments Forming the Cyber Security capacity of Russian Federation”, Bilig, (83), Autumn 2017, pp. 121-146.
INKSTER, Nigel, “Chinese Intelligence in the Cyber Age”, Survival: Global Politics and Strategy, 55 (1), 2013, pp. 45-66.

Reports

CHANSORIA, Monika, ‘Informationising’ Warfare: China Unleashes the Cyber and Space Domain, (Paper by Centre for Land Warfare Studies), http://www.claws.in/images/publication_pdf/1270592252MP_20.pdf (Accession Date: 12.09.2017).
China Copyright Media, National Cybersecurity Strategy, https://chinacopyrightandmedia.wordpress.com/2016/12/27/nationalcyberspace-security-strategy/ (Accession Date: 14.09.2017).
COSTELLA, John, The Strategic Support Force: China’s Information Warfare Service, The Jamestown Foundation, http://www.jamestown.org/programs/chinabrief/single/?tx_ttnews%5Btt_news%5D=45075&cHash=9758054639ab2cb6bc7868e96736b6cb#.V6RA_Lt95aQ (Accession Date: 17.09.2017).
FEAKIN, Tobias, 2013, The Cyber Dragon, (Report by the Australian Strategic Policy Institute, 2013), https://www.aspi.org.au/publications/special-report-enter-the-cyber-dragon-understanding-chinese-intelligence-agencies-cyber-capabilities/10_42_31_AM_SR50_chinese_cyber.pdf (Accession Date: 16.09.2017).
GRIFFITH, Samuel B., Communist China’s Capacity to Make War, (Published by the Council on Foreign Affairs), https://www.foreignaffairs.com/articles/asia/1965-01-01/communistchinas-capacity-make-war (Accession Date: 16.09.2017).
KPMG, Overview of China’s Cybersecurity Law, https://assets.kpmg.com/content/dam/kpmg/cn/pdf/en/2017/02/overview-of-cybersecuritylaw.pdf (Accession Date: 20.09.2017).
KREKEL, Bryan, Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage, (Report by Northrop Grumman), http://nsarchive2.gwu.edu//NSAEBB/NSAEBB424/docs/Cyber-066.pdf (Accession Date: 17.09.2017).
LINDSAY, Jon, Chinese Civilian Cybersecurity: Stakeholders, Strategies, and Policy, (Report from Workshops held at the University of California, San Diego April 2012), https://ndc.gov.bd/lib_mgmt/webroot/earticle/1476/China_and_Cybersecurity.pdf (Accession Date: 16.09.2017).
PAGANINI, Pierluigi, China admitted the existence of Information warfare units, http://securityaffairs.co/wordpress/35114/security/china-admit-cyber-army.html (Accession Date: 16.09.2017).
PATTON, Diane E., Evaluating U.S. and Chinese Cyber Security Strategies Within a Cultural Framework, (A Research Report Submitted to the Faculty in Partial Fulfillment of the Graduation Requirements for the Degree of Master of Operational Arts and Sciences), April 2016, http://www.dtic.mil/dtic/tr/fulltext/u2/1031380.pdf (Accession Date: 12.09.2017).
QIAO, Liang and Xiangsui Wang, 1999, Unrestricted Warfare, (Unofficial translation of the book is available at http://www.c4i.org/unrestricted.pdf), PLA Literature and Arts House.
RSAC, Comparative Study: Iran, Russia & PRC Cyber War, https://www.rsaconference.com/writable/presentations/file_upload/htaw01-comparative-study-iran-russia-prc-cyber-war_copy1.pdf (Accession Date: 15.09.2017).
SEGAL, Adam, What to Do About China’s New Cybersecurity Regulations?, https://www.cfr.org/blog/what-do-about-chinas-newcybersecurity-regulations (Accession Date: 14.09.2017).
Stanford, The Great Firewall of China: Background, https://cs.stanford.edu/people/eroberts/cs181/projects/2010-11/FreedomOfInformationChina/the-great-firewall-of-china-background/index.html (Accession Date: 20.09.2017).
STEVENS, Tim, Breaching Protocol: The Threat of Cyberespionage, Academia.edu, http://www.academia.edu/1158361/Breaching_Protocol_The_Threat_of_Cyberespionage (Accession Date: 16.09.2017).
The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE), China and Cyber Attitudes, Strategies, Organizations, https://ccdcoe.org/sites/default/files/multimedia/pdf/CS_organisation_CHINA_092016.pdf (Accession Date: 13.09.2017).
USNI News, China’s Military Strategy, https://news.usni.org/2015/05/26/document-chinas-military-strategy (Accession Date: 14.09.2017).
Xinhuanet, International Strategy of Cooperation on Cyberspace, http://news.xinhuanet.com/english/china/2017-03/01/c_136094371.htm (Accession Date: 14.09.2017).
Yeni Medya, Çin’in Büyük Güvenlik Duvarı: Sansürde 21 Yıl, https://yenimedya.wordpress.com/tag/buyuk-guvenlik-duvari/ (Accession Date: 21.09.2017).