From: The New Yorker

Posted by Evan Osnos

After years of debate, the Senate is set to take up a cyber-security bill that would force power  companies and other vulnerable parts of the infrastructure to meet a certain  level of security. President Obama is backing the bill, the Cybersecurity Act of 2012, as a  response to “one of the most serious economic and national security challenges  we face,” though it has been watered down in response to industry and G.O.P.  critics who oppose mandatory standards (and it very well might die in the House). China, meanwhile, is also trying to defend itself against cyber threats. For more on  this, and on how the U.S. and China stack up on technology innovation, I turned  to Adam Segal, the Maurice R. Greenberg Senior Fellow in China  Studies at the Council on Foreign Relations. He is the author of “Advantage: How American Innovation Can Overcome the Asian  Challenge,” and he tweets at @adschina.

In “Chinese  Computer Games,” in the March/April edition of Foreign Affairs, you argued  against hoping for a grand bargain: “Washington should focus on improving its  defenses.” President Obama supports the Cybersecurity Act of 2012. Should the  Senate pass it?

We need effective legislation, but it doesn’t look like the Cybersecurity Act  of 2012 is going to be it. After opposition surfaced to provisions requiring  power grid, gas pipeline, water supply, and other critical infrastructure  providers to meet a certain level of security defined by the Department of  Homeland Security, a compromise version of the bill that made industry  participation voluntary was introduced. The D.H.S. will help develop best  practices with industry and companies will be offered incentives to adopt them.  The bill still needs votes to pass the Senate, faces stiff opposition from  Senator John McCain, and it is uncertain if it will be taken up by the House  before the session concludes. In the unlikely case that it does pass, the best  that can be said of it will probably be that it was better than doing  nothing.

While China could attack critical infrastructure, it is unlikely to do so  unless the two sides are seriously considering or already engaged in military  conflict. The most pressing threat from China now is cyber espionage, and if the  bill fails, Congress will have to revisit the question of how the government and  private sector can improve information-sharing on threats and vulnerabilities.  It is interesting that as the government struggles to come up with a policy  solution, an increasing number of private firms appear to be willing to consider  more active defense measures. Hacking back into computers in China would be  illegal, but companies are mapping out the attackers’ networks and they can also  plant disinformation and waste hackers’ time by building fake systems.

The proliferation of Weibo and cheap smartphones seems to pose a  fundamental challenge; the scale of data may grow even faster than China’s ample  human resources can manage. How will China’s Internet censorship evolve to keep  up, or is it outmatched?

I suspect the technology pendulum will continue to swing back and forth,  sometimes favoring the C.C.P., other times netizens. With Chinese netizens now  totaling five hundred and thirty-eight million, with three hundred and  thirty-eight million accessing the Web through smartphones, data will  proliferate at a massive rate and will be increasingly mobile. Chinese web users  will think of new ways to outsmart censors, at least for a few hours. This is  clearly putting increasing pressure on the government to be more responsive and  transparent, but the state can also rely on new surveillance technologies and  exploit big data to pinpoint and repress protests and dissidents.

The important change will not be simply technological but also in user  behavior and expectations. Most Chinese netizens, like their counterparts every  else in the world, do not use the Web for political purposes. As Rebecca  MacKinnon and others have pointed out, the relatively open nature of the Web in  China allows people to vent their frustration and debate, under constricted  circumstances, sensitive topics, perhaps making them less likely to question the  government directly. Moreover, many in China seem to accept the government’s  explanation that it regulates the Internet to control dangerous or harmful  material like pornography. Only when these assumptions change, and when more  Chinese are willing to question the legitimacy of one-party rule, will the full  force of new technologies be channelled to political change.

Cyber is often mentioned as one of the leading potential flashpoints in  the U.S.-China relationship. Where would you rank that risk compared to  potential conflict in the South China Sea, Taiwan, or trade disputes?

While strategic mistrust is high between the two sides, Cyber alone is  unlikely to be a major flashpoint. Attacks designed to steal intellectual  property and other trade secrets occur with such regularity and at such a pace  and scope that General Alexander, head of U.S. Cyber Command, has called them “the greatest transfer of wealth in history”—yet the United States continues to  engage China on a range of issues, from Iran and Syria to trade and the  environment. Washington has raised the pressure on Beijing about cyber, publicly  calling out Chinese hackers and addressing it in bilateral meetings, but clearly  has not made it an issue that it is willing to go to the mat for.

There is little doubt, however, that cyber will be part of any political,  military, or economic conflict in the future, and that it has high a probability  of making the situation more difficult to resolve. Web-site defacements were an  annoyance in the standoff between China and the Philippines over the Scarborough  Shoal/Huangyan Island, but more serious cyber attacks could have escalated the  situation, making signalling much more complicated. This is why it is so  important that the United States and China continue to talk about cyber and to  develop points of contact and other communication mechanisms in case of  crisis.

In “Advantage,” you make the case for American “software” in innovation,  but American executives often say we shouldn’t be confident; they cite some  familiar numbers on Chinese engineers graduating each year, rising Chinese  investment in R. & D., new infrastructure, and so on. Are they  right?

I agree that we should not be overconfident. Our software—the social,  political, and cultural institutions and understandings that move ideas from the  lab to the marketplace—cannot operate on autopilot. There is much to be  done—reforming immigration and visa laws, preserving and enlarging investment in  basic R. & D., reinvigorating university-industry collaboration, and  re-energizing science and math education.

But much of the news over the last few years reinforces my argument that  China’s software is a real impediment to building a truly innovative economy.  American C.E.O.s love to quote China’s rising investment in R. & D., but  they never follow with Chinese reporting that suggests sixty per cent of state  R&D funds are lost to corruption. High-profile plagiarism and academic  malfeasance cases continue to surface, and the education system struggles with  fostering creativity and individual initiative. A recent study conducted by the  World Bank and the State Council concluded that research quality falls short,  scientists publish relatively few high-impact articles, and that the majority of  Chinese patents constitute minor tweaks rather than real inventions. Market  incentives are still orienting Chinese entrepreneurs to adapting technologies  developed in the West for the local market, not thinking long-term and investing  in high-risk, high-return breakthroughs. Most important, the government still  fears the intellectual competition and freedom to debate the new ideas necessary  for innovation.