31 December 2016

*** National Cyberspace Security Strategy


The broad application of information technologies and the rise and development of cyberspace has extremely greatly stimulated economic and social flourishing and progress, but at the same time, has also brought new security risks and challenges. Cyberspace security (hereafter named cybersecurity) concerns the common interest of humankind, concerns global peace and development, and concerns the national security of all countries. Safeguarding our country’s cybersecurity is an important measure to move forward the strategic arrangement of comprehensively constructing a moderately prosperous society, comprehensively deepening reform, comprehensively governing the country according to the law, and comprehensively and strictly governing the Party forward in a coordinated manner, and is an important guarantee to realize the “Two Centenaries” struggle objective and realize the Chinese Dream of the great rejuvenation of the Chinese nation. In order to implement Xi Jinping’s “Four Principles” concerning moving forward reform of the global Internet governance system and the “Five Standpoints” on building a community of common destiny in cyberspace, elaborate China’s important standpoints concerning cyberspace development and security, guide China’s cybersecurity work and safeguard the country’s interests in the sovereignty, security and development of cyberspace, this Strategy is formulated.

I, Opportunities and challenges

(1) Major opportunities.

In the wake of the flying development of the information revolution, a cyberspace composed of the Internet, telecommunications networks, computer systems, automatized control systems, digital equipment and the applications, services and data they carry, is currently comprehensively changing people’s ways of production and life, and is profoundly influencing humankind’s social historical development process.

New channels for the dissemination of information. The development of network technologies has broken through constraints of time and space, has expanded the range of communication, innovated communication methods, and triggered a fundamental shift in communication patterns. The Network has become a new channel for people to obtain information, study and interact, and has become a new carrier for the dissemination of humanity’s knowledge.

New spaces for production and life. In the present world, the network has profoundly penetrated into all aspects of people’s learning, life and work, online education, start-ups, healthcare, shopping, finance, etc., are becoming more widespread every day, and ever more people exchange ideas, achieve their undertakings and realize their dreams through the network.

New drivers for economic development. The Internet is becoming more of a leading force for innovation-driven development every day, the broad application of information technologies in all sectors of the national economy has promoted the transformation and upgrading of traditional industries, and has fostered new technologies, new business models, new industries and new models, it has stimulated the adjustment of economic structures and the transformation of economic development methods, infusing the economy and society with a new momentum.

New carriers for cultural flourishing. The network has stimulated cultural exchange and knowledge dissemination, it has liberated the development vitality of culture, promoted cultural innovation and reaction, and enriched people’s spiritual and cultural lives, it has so become a new channel for the dissemination of culture a new means for the provision of public cultural services. Online culture has become an important component part of cultural construction

New platforms for social governance. The network’s role in improving the national governance system and the modernisation of governance capabilities is becoming more prominent every day, e-government applications are growing ever deeper, government information openness and sharing has promoted government policymaking to become more scientific, democratic and rule of law-based, channels for citizen participation in social governance have been opened up, and they have become important pathways to guarantee citizens’ right to know, right to participate, right to express opinions and right to supervise.

New nodes for interaction and cooperation. Informatization and globalization are developing in an intertwined manner, stimulating the global circulation of factors such as information, finance, technology, talent, etc., and increasing interaction and convergence between different civilizations. The network has turned the world into a global village, international society is increasingly becoming a community of common destiny in which I find myself among you and you find yourself among us.

New territories for national sovereignty. Cyberspace has become a new area for important human activity of equal importance to land, sea, air and space, national sovereignty has extended and stretched into cyberspace, sovereignty in cyberspace has become an important component part of national sovereignty. Respect for sovereignty in cyberspace, safeguarding cybersecurity, seeking common governance, and realizing win-win, are becoming the consensus in international society.

(2) Grave challenges

The cybersecurity situation is growing more severe every day, and we face grave risks and challenges in national politics, the economy, culture, society, national defence, security and citizens’ lawful rights and interests in cyberspace.

Cyber penetrations harm political security. Political stability is the basic precondition for national development and the happiness of the people. The use of networks to interfere in the internal political affairs of other countries, to attack other countries’ political systems, incite social unrest, subvert other countries’ regimes, as well as large-scale cyber surveillance, cyber espionage and other such activities gravely harm national political security and users’ information security.

Cyber attacks threaten economic security. Networks and information systems have become critical infrastructure and even nerve centres for the entire economy and society, when they suffer from attacks and destruction, or major security incidents occur, it will lead to paralysis of critical energy, transportation, telecommunications and financial infrastructure, etc., resulting in disastrous consequences and gravely harming national economic security and the public interest.

Harmful online information corrodes cultural security. All kinds of ideologies and cultures are agitating and crossing swords online, excellent traditional culture and mainstream value views are facing attacks. Online rumours and degenerate culture as well as obscenity, violence, superstition and other such harmful information violating the Socialist core value view are corroding the physical and mental health of minors, undermining the social atmosphere, misleading value orientations and endangering cultural security. Online loss of moral norms and lack of sincerity happens frequently, and the degree of online civilization urgently needs to be raised.

Online terrorism, law-breaking and crime are destroying social security. Terrorism, separatism, extremism and other such forces are using the network to incite, plan, organize and carry out violent terrorist activities, directly threatening the security of people’s lives and possessions, as well as social order. Computer viruses, Trojans, etc., are sprawling across cyberspace, online fraud, hacker attacks, infringement of intellectual property rights, abuse of personal information and other such unlawful conduct exists in great quantities, some organizations wantonly steal user information, transaction data, location information as well as enterprises’ commercial secrets, gravely harming the interests of the country, enterprises and individuals, and influencing social harmony and stability.

International competition in cyberspace is rapidly unfolding. At the international level, there is strife for the control of strategic resources in cyberspace, to occupy norm-setting power and strategic commanding heights, and a competition in pursuit of the strategic initiative that is growing more fierce every day. A small number of countries is strengthening a cyber deterrence strategy, aggravating an arms race in cyberspace, and bringing new challenges to global peace.

Opportunities and challenges coexist in cyberspace, and the opportunities are greater than the challenges. We must persist in positive use, scientific development, management according to the law, and enhancing security, persist in safeguarding cybersecurity, use the development potential of cyberspace to the greatest extent, let it extend to China’s 1.3 billion people even better, enrich all of humankind, and persist in safeguarding global peace.

II, Objectives

With the overall national security view as guidance, implement the innovative, coordinated, green, open and shared development concept, strengthen risk consciousness and crisis consciousness, comprehensively handle both domestic and foreign large pictures, comprehensively plan the development of the two great matters of security [internal and external security], defend vigorously, respond effectively, promote peace, security, openness, cooperation and order in cyberspace, safeguard the interests of national sovereignty, security and development, and realize the strategic objective of building a strong cyber power.

Peace: information technology abuse is to be effectively curbed, arms races in cyberspace and other such threats to international peace are to be effectively controlled, conflicts in cyberspace are to be effectively prevented.

Security: cybersecurity risks are to be effectively controlled, national cybersecurity protection systems are to be completed and perfected, core technologies and equipment are to be secure and controllable, network and information systems are to operate stably and reliably. Cybersecurity talents are to satisfy demands, the cybersecurity consciousness of the entire society, basic protection capabilities and their confidence in using the network are to increase substantially.

Openness: information technology standards, policies and markets are to be open and transparent, product circulation and information dissemination is to become ever smoother, the digital divide is to be closed with every passing day. Without distinction between large and small, strong and weak, poor and rich, all countries worldwide, and especially developing countries, are to be able to share in development opportunities, share in development outcomes, and participate fairly in cyberspace governance.

Openness: All countries worldwide are to develop ever closer cooperation in areas such as technology exchange, attack on cyber terrorism and cybercrime, etc., a multilateral, democratic and transparent international Internet governance system is to be completed and perfected, and a community of common destiny in cyberspace with cooperation and win-win at the core is to be progressively realized.

Order: the public’s right to know, right to participate, right to express opinions, right of supervision and other such lawful rights and interests in cyberspace are to be fully protected, personal privacy in cyberspace is to be effectively protected, and human rights are to be fully respected. Domestic and international legal structures, standards and norms for cyberspace are to be established progressively, effective governance according to the law is to be realized in cyberspace, the network environment is to become honest, civilized and healthy, and the free flow of information is organically unified with safeguarding national security and the public interest.

III, Principles

A secure, stable and flourishing cyberspace is of major importance to all countries and even the entire world. China is willing to, together with all countries, strengthen communication, expand consensus, deepen cooperation, vigorously move forward the reform of the global Internet governance system, and jointly protect peace and security in cyberspace.

(1) Respecting and protecting sovereignty in cyberspace

No infringement of sovereignty in cyberspace will be tolerated, the rights of all countries to independently choose their development path, network management method and Internet public policy, as well as to equally participate in international cyberspace governance will be respected. The peoples of all countries are to decide on cyber affairs within the scope of sovereignty of all countries, all countries have the right to formulate laws and regulations concerning cyberspace on the basis of their national circumstances and learning from international experience, to adopt necessary measures according to the law, to manage their national information systems and online affairs within their national territories; to protect all countries’ information systems and information resources from intrusion, interference, attack and destruction, and guarantee the lawful rights and interests in cyberspace of their citizens; to prevent, curb and punish the online dissemination of harmful information endangering national security and interests, and to safeguard order in cyberspace. No country should engage in cyber hegemonies, uphold double standards, use the network to interfere in the domestic affairs of other countries, or engage in, connive in or support online activities endangering other countries’ national security.

(2) Peaceful use of cyberspace

Peaceful use of cyberspace aligns with the common interest of humanity. All countries should abide by the “UN Charter” principles concerning not using or threatening to use armed force, prevent the use of information technology for goals contrary to the maintenance of international security and stability, jointly resist arms races in cyberspace, and prevent conflicts in cyberspace. Persist in mutual respect, equal treatment, seeking common ground while accepting differences, inclusiveness and mutual trust, respect both sides’ security interests and major concerns in cyberspace, and promote the construction of a harmonious online world. Oppose the use of national security as an excuse to use technological advantages to control other countries’ networks and information systems, or collet and steal data from other countries, it can certainly not be the case that other countries’ security is sacrificed in pursuit of one’s own so-called absolute security.

(3) Governing cyberspace according to the law

Comprehensively move forward with bringing cyberspace under the rule of law, persist in governing the web according to the law, running the web according to the law and using the web according to the law, and let the Internet operate healthily and along a rule of law track. Build a good network order according to the law, protect the lawful, orderly and free circulation of information in cyberspace, protect personal privacy, and protect intellectual property rights. Any organization or individual must, when enjoying freedom and exercising their rights in cyberspace, abide by the law, respect other persons’ rights, and take responsibility for their words and deeds online.

(4) Comprehensively manage cybersecurity and development.

Without cybersecurity, there is no national security, and without informatization, there is no modernization. Cybersecurity and informatization are two wings of one body, two wheels of one cart. Correctly deal with the relationship between development and security, persist in protecting development with security, and stimulating security with development. Security is the precondition for development, any development that comes at the price of sacrificing security will be difficult to sustain. Development is the basis of security, not developing is the greatest insecurity. Without informatization and development, cybersecurity will not be protected, and existing security may even be lost.

IV, Strategic tasks

The quantity of netizens in China and the scale of its network ranks first worldwide, protecting China’s cybersecurity well not only is a requirement for ourselves, it is also of major importance in safeguarding global cybersecurity and even world peace. China will devote itself to safeguarding the nation’s interests in sovereignty, security and development in cyberspace, it promotes that the Internet enriches humanity, and promotes the peaceful use and common governance of cyberspace.

(1) Resolutely defending sovereignty in cyberspace.

Manage online activities within the scope of our country’s sovereignty according to the Constitution, laws and regulations, protect the security of our country’s information infrastructure and information resources, adopt all measures, including economic, administrative, scientific, technological, legal, diplomatic and military measures, to unwaveringly uphold our country’s sovereignty in cyberspace. Resolutely oppose all actions to subvert our country’s national regime or destroy our country’s sovereignty through the network.

(2) Resolutely safeguard national security.

Prevent, curb and lawfully punish any act of using the network to engage in treason, separatism, incite rebellion or subversion, or incite the overthrow of the people’s democratic dictatorship regime; prevent, curb and lawfully punish acts of using the network to steal or leak State secrets and other such acts harming national security; prevent, curb and lawfully punish foreign powers using the network to conduct infiltration, destruction, subversion and separatist activities.

(3) Protect critical information infrastructure.

National critical information infrastructure refers to information infrastructure that affects national security, the national economy and the people’s livelihood, where whenever data is leaked, it is destroyed or loses its functionality, national security and the public interest may be gravely harmed, including but not limited to basic information networks providing public telecommunications, radio and television transmission, and other such services, as well as important information systems in areas and State bodies such as energy, finance, transportation, education, scientific research, hydropower, industry and manufacturing, healthcare and medicine, social security, public undertakings, etc., important Internet application systems, etc. Adopt all necessary measures to protect critical information infrastructure and its important data from attack and destruction. Persist in laying equal stress on technology and management, simultaneously developing protection and deterrence, focus on identification, prevention, monitoring, early warning, response, handling and other such segments, in establishing and implementing a critical information infrastructure protection system, expand input in areas such as management, technology, talent and finance, synthesize measures and policies according to the law, and realistically strengthen security protection of critical information infrastructure.

Protecting critical information infrastructure is a common responsibility of government, businesses and the entire society, controlling and operational work units and organizations must, according to the requirements of laws, regulations, rules and standards, adopt the necessary measures to ensure the security of critical information infrastructure, and progressively realize that evaluation happens first, and application afterwards. Strengthen risk assessment of critical information infrastructure. Strengthen security protection in Party and government bodies, as websites in focus areas, grass-roots Party and government bodies’ websites must be built, operated and managed according to the intensification model. Establish orderly cybersecurity information sharing mechanisms for government, sectors and enterprises, and fully give rein to the important role of enterprises in protecting critical information infrastructure.

Persist in opening up to the outside world, and safeguarding cybersecurity in an open environment. Establish and implement cybersecurity examination structures, strengthen supply chain security management, launch security inspections for important information technology products and services purchased and used in Party and government bodies, as well as focus sectors, raise the security and controllability of products and services, prevent product and service providers and other organizations from using their superiority in information technology to engage in improper competition or to harm users’ interests.

(4) Strengthening the construction of online culture

Strengthen online ideology and culture battlefield construction, powerfully foster and practice the Socialist core value view, implement network content construction projects, develop positive and upward online culture, disseminate positive energy, concentrate powerful spiritual forces, and create a desirable online atmosphere. Encourage the expansion of new businesses and the creation of new products, forge online cultural brands that reflect the spirit of the times, and incessantly raise the scale and levels of the online cultural industry. Implement the Chinese excellent culture online dissemination project, vigorously promote the digitization, networked production and dissemination of excellent traditional culture and masterpieces of contemporary culture. Give rein to the advantages of Internet dissemination platforms, promote exchange and mutual learning between Chinese and foreign excellent culture, let the people of all countries understand China’s excellent culture, let the people of China understand the excellent culture of all countries, jointly promote the flourishing and development of online culture, enrich the people’s spiritual worlds, and stimulate the progress of human civilization.

Strengthen online theory and online civilization construction, give rein to the guiding role of morality education, use the excellent achievement of human civilization to nourish cyberspace and restore the online ecology. Build a civilized and sincere online environment, advocate civilized running of the web and civilized use of the web, and create a secure, civilized and orderly information communication order. Firmly attack the dissemination and spread of rumours, obscenities, violence, superstitions, heresy and other such unlawful and harmful information on the network. Raise the online cultural attainments of minors, strengthen the protection of minors online, and create a beneficial online environment for minors’ healthy growing up through the common efforts of government, social organizations, communities, schools, households, etc.

(5) Attacking cyber terrorism, law-breaking and crime.

Strengthen online anti-terrorism, counterespionage and anti-theft capabilities, and strictly attack cyber terrorism and cyber espionage activities.

Persist in comprehensive governance, control at the source and lawful prevention, strictly attack online fraud, online theft, arms and drug trafficking, infringement of citizens’ personal information, dissemination of obscenity and sex, hacking attacks, infringement of intellectual property rights and other such unlawful and criminal activities.

(6) Perfect network governance systems.

Persist in managing and governing the web in a lawful, open and transparent manner, realistically ensure that there are laws to rely on, laws must be relied on, law enforcement must be strict, and violations of the law must be punished. Complete cybersecurity law and regulation systems, formulate and promulgate the cybersecurity law, the regulations for the online protection of minors and other such laws and regulations, clarify the responsibilities and duties of all parts of society, and clarify cybersecurity management requirements. Accelerate the revision and interpretation of existing laws, and make them applicable to cyberspace. Perfect regulatory structures connected to cybersecurity, establish online trust systems, and raise the scientific and standardized levels of cybersecurity management.
Accelerate the construction of a network governance system that combines legal norms, administrative supervision, sectoral self-discipline, technological protection, mass supervision and social education, move forward with the management and innovation of online social organizations, complete joint mechanisms for basic management, content management, sectoral management as well as online law-breaking and crime prevention and attack. Strengthen the protection of telecommunications secrecy, free speech, commercial secrets as well as the right to reputation, property rights and other such lawful rights and interests in cyberspace.

Encourage social organizations to participate in network governance, develop online public interest undertakings, and strengthen the construction of novel online social organizations. Encourage netizens to report online unlawful acts and harmful information.

Persist in innovation-driven development, vigorously create a policy environment beneficial to technological innovation, comprehensively deal with resources and forces, take enterprises as the mainstay, integrate industry, learning, research and usage, work in coordination to storm strategic passes, let one point pull an entire area ahead, and move forward in a comprehensive manner, so as to obtain breakthroughs in key technologies as quickly as possible. Give high regard to software security, and accelerate the dissemination and application of safe and trustworthy products. Develop network infrastructure, and enrich information content in cyberspace. Implement the “Internet Plus” action plan, forcefully develop the online economy. Implement the national big data strategy, build big data security management structures, support innovation and application of big data, cloud computing and other such new-generation information technologies. Optimize market environments, encourage cybersecurity enterprises to grow and strengthen, and lay an industrial base to protect national cybersecurity.

Build and perfect a national cybersecurity technology support system. Strengthen research on basic cybersecurity theory and major questions. Strengthen cybersecurity standardization, authentication and accreditation work, use standards to standardize acts in cyberspace ever more. Do basic work such as multi-level protection, risk assessment and leak discovery well, and perfect cybersecurity supervision, early warning and major cybersecurity incident emergency response mechanisms.

Implement the cybersecurity talent project, and strengthen the establishment of cybersecurity science majors, forge first-rate cybersecurity academies and innovation parks, and create an ecology and an environment beneficial to the fostering of talent, innovation and start-ups. Do the cybersecurity propaganda week activities well, forcefully launch cybersecurity propaganda and education among the whole population. Promote cybersecurity education to enter textbooks, enter schools, and enter classrooms, raise the accomplishments of online media, strengthen cybersecurity consciousness and protection skills among all of society, raise the broad netizens’ ability to distinguish and resist online unlawful and harmful information, online fraud and other such unlawful and criminal activities.

(8) Enhancing cyberspace protection capabilities.

Cyberspace is a new territory for national sovereignty. Build cybersecurity protection forces commensurate with our country’s international standing and suited to a strong cyber power, forcefully develop cybersecurity defence means, timely discover and resist cyber intrusions, and cast a firm backup force to safeguard national cybersecurity.

(9) Strengthening international cooperation in cyberspace.

On the basis of mutual respect and mutual trust, strengthen international cyberspace dialogue and cooperation, and promote the reform of the global Internet governance system. Deepen bilateral and multilateral cybersecurity dialogues, exchanges and information communications with all countries, effectively manage and control differences, vigorously participate in cybersecurity cooperation in global and regional organizations, promote the internationalization of the management of Internet addresses, domain name servers and other such basic resources.

Support the United Nations to play a leading role, promote the formulation of international norms for cyberspace that are universally recognized by all sides, and an international treaty on anti-terrorism in cyberspace, complete judicial assistance mechanisms to attack cybercrime, deepen international cooperation’s in areas such as policies and laws, technological innovation, standards and norms, emergency response, critical information infrastructure protection, etc.

Strengthen support and assistance to developing countries and backward regions to disseminate Internet technology and construct infrastructure, and strive to close the digital divide. Promote the construction of “One Belt, One Road”, raise international telecommunications interconnection and interaction levels, and pave a smooth information silk road. Set up the World Internet Conference and other such global Internet sharing and common governance platforms, and jointly promote the healthy development of the Internet. Through vigorous and effective international cooperation, establish a multi-lateral, democratic and transparent international Internet governance system, and jointly build a peaceful, secure, open, cooperative and orderly cyberspace.

No comments: