Article
This piece argues that India’s central challenge is not managing a single flashpoint but resolving the underlying tension between expansion and institutional coherency of the BRICS grouping.
Vrinda Sahai
{
"authors": [
"Tim Maurer"
],
"type": "other",
"centerAffiliationAll": "dc",
"centers": [
"Carnegie Endowment for International Peace",
"Carnegie China"
],
"collections": [
"China’s Foreign Relations",
"U.S. Nuclear Policy",
"Cyber and Digital Policy",
"Major Power Tech Relations"
],
"englishNewsletterAll": "ctw",
"nonEnglishNewsletterAll": "",
"primaryCenter": "Carnegie Endowment for International Peace",
"programAffiliation": "NPP",
"programs": [
"Nuclear Policy",
"Technology and International Affairs"
],
"projects": [],
"regions": [
"North America",
"United States",
"East Asia",
"China",
"Iran"
],
"topics": [
"Technology"
]
}
Source: Getty
Other
What’s Next for the U.S. and China in Cybersecurity
In the wake of the agreement between President Obama and President Xi, there’s a bigger strategic discussion that will continue to play out around the future of the internet and the issue of sovereignty.
By Tim Maurer
Published on Jul 5, 2016
Source: Wall Street Journal
It took the threat of sanctions and a flurry of last-minute negotiations to get China to sit down for serious talks about cybersecurity with the U.S. Now comes the hard part.
Chinese President Xi Jinping’s announcement last fall that Beijing would stop state sponsorship of hacking for commercial gain caught many by surprise. By multiple recent accounts, China has stayed true to its word. But in the area military types increasingly refer to as the “fifth domain” — after land, sea, air and space — of warfare, a cloud of questions large and tiny still loom over relations between the world’s great powers
One emerging expert on the uncertain business of cyberpolitics is Carnegie Endowment for International Peace researcher Tim Maurer, who visited Beijing in late June to meet with Chinese cybersecurity scholars. China Real Time picked Mr. Maurer’s brain on next steps for the U.S. and China, Beijing’s ambitions for managing the internet and the cybersecurity threat that worries him the most. Here are excerpts edited for length and clarity:
After the agreement between Obama and Xi, what’s the next cybersecurity question for the U.S. and China?
Now that we have an agreement, there’s a bigger strategic discussion that will continue to play out around the future of the internet and the issue of sovereignty. Topics like cloud storage and the role that multinational companies play still need to be resolved, and we still haven’t seen a resolution to some of the security issues, like backdoors and other supply-chain integrity questions, that were raised by [NSA leaker Edward] Snowden and are a concern for both countries.
China’s is big on this idea of Internet sovereignty–that national borders and national laws should extend into cyberspace. What does Beijing have to do to overcome political opposition in the U.S. and other countries and make that a reality?
There’s a trade-off involved for the Chinese government, I think, between security and growth. China in and of itself is a huge market and is capable of satisfying a lot of Chinese companies. But for global companies like Alibaba, Huawei and ZTE, the biggest growth opportunities are probably beyond China. This notion of technological sovereignty implies certain changes to the internet at several layers — whether it’s physical infrastructure, applications or control of content — that will increase the cost of doing business globally through the internet. If you look at G20 economies, the internet actually accounts for a larger share of the economy in China than in the U.S.
Where do the U.S. and China stand on question of establishing norms of behavior in cyberspace?
There are disagreements over definitions of terms like “international wrongful act” and how norms will apply in a military context, but the major tension is over whether there should be a treaty. Russia and China are pushing for one. The U.S. and other Western governments are pushing for voluntary norms instead.
Why not have a treaty? What do voluntary norms accomplish?
There’s been a gradual trend away from treaties and conventions the past few decades. One concern is that you undermine international law when you create treaties that are ineffective. That doesn’t mean you can’t have one, but there are lots of technical issues around issues like verification and enforcement. How do you determine when a violation has taken place, and how do you punish it? With voluntary norms, the idea is to to develop a standards of acceptable behavior that state actors will adhere to because it’s in their self-interest to be a part of the community, to maintain access to shared information and resources.
What will it take to get everyone to agree?
There’s already been significant progress in the last two or three years. Some people say there won’t be much more progress until there’s a major cyberattack. I think something else that might create movement is a growing threat from nonstate actors, like cybercriminals or terrorists, which is already happening.
When you survey the variety of cybersecurity threats out there, what is the biggest concern you have?
Probably the biggest concern is with the integrity of data. The vast majority of hacking incidents so far have been relatively unsophisticated stealing of data, which is the low-hanging fruit. In most instances, that’s because defenses are so bad — including at the government level. But now you’re starting to see increasingly sophisticated malware, and there’s a concern about hackers not just stealing data, but altering it.
We haven’t seen a lot of these attacks yet, but they are hard to detect and the potential damage is quite large, particularly in the financial sector. Electrical grids are confined to individual countries, but financial markets are highly interconnected. Imagine what would happen if people started losing faith in the integrity of financial data. It could have a domino effect. This is one area where we think there is potential for cooperation between states like the U.S., China and Russia.
About the Author
Tim Maurer
Former Senior Fellow, Technology and International Affairs Program
Dr. Tim Maurer was a senior fellow in Carnegie’s Technology and International Affairs program.
Carnegie India does not take institutional positions on public policy issues; the views represented herein are those of the author(s) and do not necessarily reflect the views of Carnegie, its staff, or its trustees.
More Work from Carnegie India
- Managing Divergence: India’s BRICS Presidency in 2026
- India’s Semiconductor Ecosystem Is Maturing—and ASML Is Taking NoticeCommentary
The ASML MoU with Tata Electronics is an indicator of how far the Indian semiconductor ecosystem has come. This ecosystem has been years in the making and represents real commercial logic.
Konark Bhandari
- A Review of India's 2023 Space Policy and Entrepreneurship EcosystemPaper
This paper examines the relationship between India’s evolving space policy and the corresponding growth in private space ventures. It analyzes both the enabling factors created by recent regulatory changes and the persistent challenges facing entrepreneurs in this capital-intensive, highly regulated industry.
Harshan Vazhakunnam
- The Unresolved Challenges in U.S.–India Semiconductor CooperationCommentary
The U.S.–India semiconductor cooperation story is well-stocked with top-level strategic intent. What remains unresolved, however, are some underlying challenges that will determine whether the cooperation actually functions. Three such friction points stand out.
Shruti Mittal
- Outlooks on Open-Source Innovation at the India AI Impact Summit 2026Article
Drawing on ten public discussions from the India AI Impact Summit 2026, this article highlights key outlooks on open source in AI that are likely to shape policy and governance conversations going forward.
Shruti Mittal
