The recently exposed cyber-attacks against China’s Northwestern Polytechnical University have attracted widespread attention. At the “2022 (Eighth) Conference on the Rule of Law on the Internet in China” convened on Sept. 6, participating scholars noted that cybersecurity strength and cyber governance capacity have become a new manifestation of a country’s composite strength, suggesting priority be given to further improving governance capacity for cyberspace.

Growing importance of cyberspace

According to China’s National Computer Virus Emergency Response Center (CVERC), the US National Security Agency-affiliated Tailored Access Operations Office used 41 specialized cyber weapons to launch cyber theft operations over 1,000 times against Northwestern Polytechnical University and stole core technical data.

Investigation reports also show that the US conducted indiscriminate language monitoring of Chinese mobile phone users for an extended period, illegally stealing text messages from the mobile phone users, while carrying out wireless positioning. The US’s theft and attack on China’s cyberspace directly threatens the nation’s cybersecurity, and it also demonstrates an attempt to obtain China’s advanced technological information by illegal means. Posing a direct threat to China’s technological, social, and national defense security, the US’s behavior also undermines the current international cyberspace order.

At present, cyberspace has become the fifth largest sovereign territory after sea, land, the air, and space. With growing importance and an increasingly significant impact on the security of other areas, cyberspace has become a key area for safeguarding national sovereignty. Liu Deliang, director of the Asia-Pacific Institute for Cyber-Law Studies at Beijing Normal University, believes that cyberspace governance capacity relates directly to national sovereignty and security interests, and will have a great bearing on future international competition.

Coordination between state power and cyber rights or internet freedom, data governance, and a lack of international behavioral norms in cyberspace have become urgent issues facing countries in cyberspace governance today. According to Fan Mingzhi, a professor from the Institute of Rule of Law on Data at China University of Political Science and Law, despite varying basic institutions and governance systems across countries, cybersecurity problems, such as cybersecurity vulnerabilities, virus proliferation, information and data leakage, and even international cyber-attacks, are universal around the world. Major political and military incidents in some countries are often accompanied by large-scale cyber-attacks. Currently, the lack of international behavioral norms for cyberspace, and the failure of existing international laws and governance mechanisms also leave a “back door” open for “cyberbullying” and other behaviors, Fan said.

Cyberspace governance in China

Judicial protection is the cornerstone of cyberspace governance, and strengthening the rule of law in cyberspace plays a fundamental and essential role in reinforcing China’s cybersecurity governance and enhancing its comprehensive governance capacity over cyberspace.

As the first special law in the field of cybersecurity, the Cybersecurity Law of the People’s Republic of China specifies the protection of personal information and the fight againt cyber fraud, marking an important milestone in the rule of law process concerning cyberspace in the country. The law has already played a significant role in China’s social life since it took effect in mid-2017.

After the Cybersecurity Law, China has successively promulgated other laws and regulations, such as the Data Security Law, the Personal Information Protection Law, and the Regulations on the Security and Protection of Critical Information Infrastructures, constantly improving the supporting legal system for cyberspace governance.

At the national and local levels, vigorous efforts have been made to effectively carry out and promote the Cybersecurity Law, thus raising the entire society’s awareness of cybersecurity. Fan said that on the basis of entrenching national cyber sovereignty, the cybersecurity strategy outlined in the Cybersecurity Law has been progressivey implemented. A cyber co-governance system has been basically established, critical information infrastructures have been effectively protected, and the people’s safety in cyberspace has been solidly safeguarded.

In terms of academic research, scholarly outcomes with the Cybersecurity Law as the research object and material continue to emerge. Zhou Hui, deputy director of the Department of Cyber and Information Law at the Institute of Law under the Chinese Academy of Social Sciences, noted that the Cybersecurity Law is the legislative backbone to implement the overall national security outlook. It enriches the research content of science on national security, and provides institutional support for the development of cyber and information law as an independent discipline.

As part of the national governance system, the cybersecurity system ultimately depends on a country’s basic institutional design. China has now established a series of effective cybersecurity systems, such as national sovereignty in cyberspace, a real-name system online, and data protection. The government has also built a cyber legal system with special legislation on cyber content construction and management, cybersecurity, and information-based development at the core, providing a solid institutional guarantee for building a strong cyberpower.