CHINA’S NATIONAL CYBERSECURITY POLICY: INSTITUTIONAL PRESSURES
##plugins.themes.bootstrap3.article.main##
##plugins.themes.bootstrap3.article.sidebar##
Abstract
The article studies the driving factors behind the formation of China’s national cybersecurity policy through the application of the institutional theory. The institutionalization of China’s cyber governance is explored by evaluating the impact of coercive, mimetic and normative pressures, originally suggested by DiMaggio and Powell in the organizational theory. The article provides an overview of China’s reforms in the Internet field, the domestic institutional framework regulating cyberspace in China, and a review of the documents passed since 2014. The factor of US threat is evaluated as a coercive force, which boosted proactive reforms of China’s national cybersecurity policy. New initiatives in cyber governance realm proposed by Western states push Chinese officials to encourage local response, often mirroring the actions of other states and adapting them to national needs. Thus, the Cybersecurity Law of 2017 and the Personal Information Protection Laws of 2021 are compared to the General Data Protection Regulation adopted in the EU. The introduction of domestic legal and normative reforms and promotion of the “cyber sovereignty” doctrine by the Chinese government is studied along with the existing regulations and norms in the cyber governance and contrasted with the position of the Western states. In China, the government is the major driving force behind the formation of national cybersecurity policy reforms and since 2014 the agenda in the regulation of Internet space has been clearly defined both domestically and internationally. China’s intention to extend its position in global governance is based on the belief that it should shift from being a “rule taker” to a “rule creator”. However, China still has a long way to go to align the actual readiness of private enterprises and the society with the policy goals.
How to Cite
Shevchenko, Y. H. (2022). CHINA’S NATIONAL CYBERSECURITY POLICY: INSTITUTIONAL PRESSURES. Chinese Studies, (1), 5-21. https://doi.org/10.51198/chinesest2022.01.005
##plugins.themes.bootstrap3.article.details##
Keywords
cybersecurity, cyber sovereignty, institutional pressures, Cyberspace Administration of China, Internet governance
References
蔡翠红 (2018). 网络地缘政治:中美关系分析的新视角. 国际政治研究, 1, pp. 9–37.
李侃如, 辛格彼得 (2012). 网络安全与美中关系. Brookings, available at: https://www.brookings.edu/wp-content/uploads/2016/06/0223_cybersecurity_china_us_lieberthal_singer_pdf_Chinese.pdf.
鲁传颖 (2016). 网络空间治理的力量博弈、理念演变与中国战略. 国际展望, 8(01), pp. 117–134+157.
平郎 (2018). 网络空间国际秩序的形成机制. 国际政治科学, 3(1).
王翔 (2016). 中美网络安全领域博弈机理分析及未来展望. 中国与国际关系学刊, 2, pp. 34–51.
Austin G. (2016). “International Legal Norms in Cyberspace: Evolution of China’s National Security Motivations” / In: A.-M. Osula and H. Rõigas (eds.), International Cyber Norms Legal, Policy & Industry Perspectives. Tallinn : NATO Cooperative Cyber Defence Centre of Excellence, pp. 171–201.
Austin G. (2018). Cybersecurity in China: the next wave. Cham, Switzerland : Springer.
Balke L. (2018). “China’s New Cybersecurity Law and U.S.-China Cybersecurity Issues”. Santa Clara Law Review, 58(1).
Björck F. (2004). “Institutional theory: a new perspective for research into IS/IT security in organizations”. Proceedings of the 37th Hawaii International Conference on
System Sciences.
Clarke R. (2013). Securing Cyberspace Through International Norms. Good Harbor Security Risk Management.
Cyber Magazine (2021). China launches three-year cybersecurity action plan. Cyber Security. (online) Cyber Magazine, available at: https://cybermagazine.com/
cyber-security/china-launches-three-year-cybersecurity-action-plan (Accessed 20 Jan. 2022).
Daddi T., Bleischwitz R., Todaro N. M., Gusmerotti N. M., & De Giacomo M. R. (2019). “The influence of institutional pressures on climate mitigation and adaptation strategies”. Journal of Cleaner Production, 244, 118879.
Daum T. (2021). A Chinese law made in Europe, available at: https://www.ips-journal.eu/work-and-digitalisation/a-chinese-law-made-in-europe-5596/#:~:text=China (Accessed 3 Feb. 2022).
Deng Z. and Dai J. (2021). The comparison between China’s PIPL and EU’s GDPR: Practitioners’ perspective, available at: https://www.dentons.com/en/insights/articles/2021/october/8/the-comparison-between-chinas-pipl-and-eus-gdpr.
DiMaggio P. and Powell W. (eds.) (1991). The New institutionalism in organizational analysis. Chicago : The University of Chicago Press.
Ghosh P. (2021). China Now Has Almost 1 Billion Internet Users. (online) Forbes, available at: https://www.forbes.com/sites/palashghosh/2021/02/04/china-now-hasalmost-1-billion-internet-users/?sh=2741d76526d9 (Accessed 22 Jan. 2022).
Hovav A., & D’Arcy J. (2012). “Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U. S. and South Korea”. Information & Management, 49(2), 99–110.
Huang Z. and Mačák K. (2017). “Towards the International Rule of Law in Cyberspace: Contrasting Chinese and Western Approaches”. Chinese Journal of International Law, 16(2), pp. 271–310.
ITU (2021). Global Cybersecurity Index 2020, available at: https://www.itu.int/epublications/publication/global-cybersecurity-index-2020/en/ (Accessed 8 Nov. 2021).
Jepperson R. (1991). “Institutions, Institutional Effects, and Institutionalism”. In: The new institutionalism in organizational analysis. Chicago : The University of Chicago Press, pp. 143–163.
Jeyaraj A. and Zadeh A. (2020). “Institutional Isomorphism in Organizational Cybersecurity: A Text Analytics Approach”. Journal of Organizational Computing and Electronic Commerce, pp. 1–20.
Jiang M. (2020). “Cybersecurity policies in China” / In: L. Belli (ed.), CyberBRICS: Cybersecurity Regulations in BRICS Countries. Berlin, Germany : Springer, pp. 195–212.
Ke X., Liu V., Luo Y. and Yu Z. (2021). Analyzing China’s PIPL and how it compares to the EU’s GDPR, available at: https://iapp.org/news/a/analyzing-chinas-pipl-andhow-it-compares-to-the-eus-gdpr/.
Kiyan O. (2021). Establishing Cybersecurity Norms in the United Nations: The Role of U. S.-Russia Divergence. Harvard International Review, available at: https://hir.harvard.edu/establishing-cybersecurity-norms-in-the-united-nations-therole-of-u-s-russia-divergence/ (Accessed 4 Feb. 2022).
Levite A. and Lyu J. (2019). Chinese-American Relations in Cyberspace: Toward Collaboration or Confrontation? Carnegie Endowment for International Peace, available at: https://carnegieendowment.org/2019/01/24/chinese-american-relations-incyberspace-toward-collaboration-or-confrontation-pub-78213.
Liang Saraf, Hu & Xue. (2007). “Assimilation of Enterprise Systems: The Effect of Institutional Pressures and the Mediating Role of Top Management”. MIS Quarterly, 31(1), 59.
Lindsay J. R., Tai Ming C. and Reveron D. S. (2015). China and cybersecurity: espionage, strategy, and politics in the digital domain. Oxford : Oxford University Press.
Mueller M. (2017). “Is cybersecurity eating internet governance? Causes and consequences of alternative framings”. Digital Policy, Regulation and Governance, 19(6), pp. 415–428.
NPC (2021). 中华人民共和国个人信息保护法_中国人大网, available at: http://www.npc.gov.cn/npc/c30834/202108/a8c4e3672c74491a80b53a172bb753fe.shtml.
Osula A. N., Rõigas H. and NATO Cooperative Cyber Defence Centre Of Excellence (2016). International cyber norms: legal, policy and industry perspectives. Tallinn, Estonia: NATO Cooperative Cyber Defence Centre Of Excellence.
Peters G. (2019). Institutional Theory in Political Science: the new institutionalism. Edward Elgar Publishing.
Raud M. (2016). China and Cyber: Attitudes, Strategies, Organisation. Tallinn : NATO Cooperative Cyber Defence Centre of Excellence.
Safa N., Von Solms R. and Furnell S. (2016). “Information security policy compliance model in organizations”. Computers & Security, 56, pp. 70–82, available at: https://www.sciencedirect.com/science/article/pii/S0167404815001583.
Scott R. (1995). Institutions and organizations: ideas, interests and identities. Sage Publications, Inc.
Singh H. P., & Alshammari T. S. (2020). “An Institutional Theory Perspective on Developing a Cyber Security Legal Framework: A Case of Saudi Arabia”. Beijing Law Review, 11(03), 637–650, available at: https://doi.org/10.4236/blr.2020.113039.
Swaine M. (2013). “Chinese Views on Cybersecurity in Foreign Relations”. China Leadership Monitor, 42.
Teo H., Wei K., & Benbasat I. (2003). “Predicting Intention to Adopt Interorganizational Linkages: An Institutional Perspective”. MIS Quarterly, 27(1), 19, available at: https://doi.org/10.2307/30036518.
The International Institute for Strategic Studies (2021). “Cyber Capabilities and National Power: A Net Assessment”. UK : The International Institute for Strategic Studies.
The State Council (2021). China’s digital economy reaches $6t in 2020, available at: http://english.www.gov.cn/news/videos/202109/28/content_WS61527f60c6d0 df57f98e0ff2.html#:~:text=China (Accessed 23 Jan. 2022).
The State Council Information Office (2019). China’s National Defense in the New Era. available at: https://english.www.gov.cn/archive/whitepaper/201907/24/content_WS5d3941ddc6d08408f502283d.html.
Voo J., Hemani I., Jones S., DeSombre W., Cassidy D. and Schwarzenbach A. (2020). National Cyber Power Index 2020. Cambridge : Belfer Center for Science and International Affairs, Harvard Kennedy School.
Xinhua (2017). International Strategy of Cooperation on Cyberspace, available at: http://www.xinhuanet.com//english/china/2017-03/01/c_136094371_2.htm.
Xu L. (2014). “China’s Internet Development and Cybersecurity – Policies and Practices”. In: Chinese Cybersecurity and Defense. London : ISTE Ltd, pp. 1–54.
Zheng D., Chen J., Huang L. and Zhang C. (2013). “E-government adoption in public administration organizations: integrating institutional theory perspective and resourcebased view”. European Journal of Information Systems, 22(2), pp. 221–234.
李侃如, 辛格彼得 (2012). 网络安全与美中关系. Brookings, available at: https://www.brookings.edu/wp-content/uploads/2016/06/0223_cybersecurity_china_us_lieberthal_singer_pdf_Chinese.pdf.
鲁传颖 (2016). 网络空间治理的力量博弈、理念演变与中国战略. 国际展望, 8(01), pp. 117–134+157.
平郎 (2018). 网络空间国际秩序的形成机制. 国际政治科学, 3(1).
王翔 (2016). 中美网络安全领域博弈机理分析及未来展望. 中国与国际关系学刊, 2, pp. 34–51.
Austin G. (2016). “International Legal Norms in Cyberspace: Evolution of China’s National Security Motivations” / In: A.-M. Osula and H. Rõigas (eds.), International Cyber Norms Legal, Policy & Industry Perspectives. Tallinn : NATO Cooperative Cyber Defence Centre of Excellence, pp. 171–201.
Austin G. (2018). Cybersecurity in China: the next wave. Cham, Switzerland : Springer.
Balke L. (2018). “China’s New Cybersecurity Law and U.S.-China Cybersecurity Issues”. Santa Clara Law Review, 58(1).
Björck F. (2004). “Institutional theory: a new perspective for research into IS/IT security in organizations”. Proceedings of the 37th Hawaii International Conference on
System Sciences.
Clarke R. (2013). Securing Cyberspace Through International Norms. Good Harbor Security Risk Management.
Cyber Magazine (2021). China launches three-year cybersecurity action plan. Cyber Security. (online) Cyber Magazine, available at: https://cybermagazine.com/
cyber-security/china-launches-three-year-cybersecurity-action-plan (Accessed 20 Jan. 2022).
Daddi T., Bleischwitz R., Todaro N. M., Gusmerotti N. M., & De Giacomo M. R. (2019). “The influence of institutional pressures on climate mitigation and adaptation strategies”. Journal of Cleaner Production, 244, 118879.
Daum T. (2021). A Chinese law made in Europe, available at: https://www.ips-journal.eu/work-and-digitalisation/a-chinese-law-made-in-europe-5596/#:~:text=China (Accessed 3 Feb. 2022).
Deng Z. and Dai J. (2021). The comparison between China’s PIPL and EU’s GDPR: Practitioners’ perspective, available at: https://www.dentons.com/en/insights/articles/2021/october/8/the-comparison-between-chinas-pipl-and-eus-gdpr.
DiMaggio P. and Powell W. (eds.) (1991). The New institutionalism in organizational analysis. Chicago : The University of Chicago Press.
Ghosh P. (2021). China Now Has Almost 1 Billion Internet Users. (online) Forbes, available at: https://www.forbes.com/sites/palashghosh/2021/02/04/china-now-hasalmost-1-billion-internet-users/?sh=2741d76526d9 (Accessed 22 Jan. 2022).
Hovav A., & D’Arcy J. (2012). “Applying an extended model of deterrence across cultures: An investigation of information systems misuse in the U. S. and South Korea”. Information & Management, 49(2), 99–110.
Huang Z. and Mačák K. (2017). “Towards the International Rule of Law in Cyberspace: Contrasting Chinese and Western Approaches”. Chinese Journal of International Law, 16(2), pp. 271–310.
ITU (2021). Global Cybersecurity Index 2020, available at: https://www.itu.int/epublications/publication/global-cybersecurity-index-2020/en/ (Accessed 8 Nov. 2021).
Jepperson R. (1991). “Institutions, Institutional Effects, and Institutionalism”. In: The new institutionalism in organizational analysis. Chicago : The University of Chicago Press, pp. 143–163.
Jeyaraj A. and Zadeh A. (2020). “Institutional Isomorphism in Organizational Cybersecurity: A Text Analytics Approach”. Journal of Organizational Computing and Electronic Commerce, pp. 1–20.
Jiang M. (2020). “Cybersecurity policies in China” / In: L. Belli (ed.), CyberBRICS: Cybersecurity Regulations in BRICS Countries. Berlin, Germany : Springer, pp. 195–212.
Ke X., Liu V., Luo Y. and Yu Z. (2021). Analyzing China’s PIPL and how it compares to the EU’s GDPR, available at: https://iapp.org/news/a/analyzing-chinas-pipl-andhow-it-compares-to-the-eus-gdpr/.
Kiyan O. (2021). Establishing Cybersecurity Norms in the United Nations: The Role of U. S.-Russia Divergence. Harvard International Review, available at: https://hir.harvard.edu/establishing-cybersecurity-norms-in-the-united-nations-therole-of-u-s-russia-divergence/ (Accessed 4 Feb. 2022).
Levite A. and Lyu J. (2019). Chinese-American Relations in Cyberspace: Toward Collaboration or Confrontation? Carnegie Endowment for International Peace, available at: https://carnegieendowment.org/2019/01/24/chinese-american-relations-incyberspace-toward-collaboration-or-confrontation-pub-78213.
Liang Saraf, Hu & Xue. (2007). “Assimilation of Enterprise Systems: The Effect of Institutional Pressures and the Mediating Role of Top Management”. MIS Quarterly, 31(1), 59.
Lindsay J. R., Tai Ming C. and Reveron D. S. (2015). China and cybersecurity: espionage, strategy, and politics in the digital domain. Oxford : Oxford University Press.
Mueller M. (2017). “Is cybersecurity eating internet governance? Causes and consequences of alternative framings”. Digital Policy, Regulation and Governance, 19(6), pp. 415–428.
NPC (2021). 中华人民共和国个人信息保护法_中国人大网, available at: http://www.npc.gov.cn/npc/c30834/202108/a8c4e3672c74491a80b53a172bb753fe.shtml.
Osula A. N., Rõigas H. and NATO Cooperative Cyber Defence Centre Of Excellence (2016). International cyber norms: legal, policy and industry perspectives. Tallinn, Estonia: NATO Cooperative Cyber Defence Centre Of Excellence.
Peters G. (2019). Institutional Theory in Political Science: the new institutionalism. Edward Elgar Publishing.
Raud M. (2016). China and Cyber: Attitudes, Strategies, Organisation. Tallinn : NATO Cooperative Cyber Defence Centre of Excellence.
Safa N., Von Solms R. and Furnell S. (2016). “Information security policy compliance model in organizations”. Computers & Security, 56, pp. 70–82, available at: https://www.sciencedirect.com/science/article/pii/S0167404815001583.
Scott R. (1995). Institutions and organizations: ideas, interests and identities. Sage Publications, Inc.
Singh H. P., & Alshammari T. S. (2020). “An Institutional Theory Perspective on Developing a Cyber Security Legal Framework: A Case of Saudi Arabia”. Beijing Law Review, 11(03), 637–650, available at: https://doi.org/10.4236/blr.2020.113039.
Swaine M. (2013). “Chinese Views on Cybersecurity in Foreign Relations”. China Leadership Monitor, 42.
Teo H., Wei K., & Benbasat I. (2003). “Predicting Intention to Adopt Interorganizational Linkages: An Institutional Perspective”. MIS Quarterly, 27(1), 19, available at: https://doi.org/10.2307/30036518.
The International Institute for Strategic Studies (2021). “Cyber Capabilities and National Power: A Net Assessment”. UK : The International Institute for Strategic Studies.
The State Council (2021). China’s digital economy reaches $6t in 2020, available at: http://english.www.gov.cn/news/videos/202109/28/content_WS61527f60c6d0 df57f98e0ff2.html#:~:text=China (Accessed 23 Jan. 2022).
The State Council Information Office (2019). China’s National Defense in the New Era. available at: https://english.www.gov.cn/archive/whitepaper/201907/24/content_WS5d3941ddc6d08408f502283d.html.
Voo J., Hemani I., Jones S., DeSombre W., Cassidy D. and Schwarzenbach A. (2020). National Cyber Power Index 2020. Cambridge : Belfer Center for Science and International Affairs, Harvard Kennedy School.
Xinhua (2017). International Strategy of Cooperation on Cyberspace, available at: http://www.xinhuanet.com//english/china/2017-03/01/c_136094371_2.htm.
Xu L. (2014). “China’s Internet Development and Cybersecurity – Policies and Practices”. In: Chinese Cybersecurity and Defense. London : ISTE Ltd, pp. 1–54.
Zheng D., Chen J., Huang L. and Zhang C. (2013). “E-government adoption in public administration organizations: integrating institutional theory perspective and resourcebased view”. European Journal of Information Systems, 22(2), pp. 221–234.