Lu Chuanying: Security Dilemmas, Evolutionary Order of Cyberspace, and the Chinese Solution | Marxism Research Network

With the rapid development of internet technology, cyberspace governance has shifted from its initial focus on simple "internet governance" toward a comprehensive governance of the broader political, security, and economic spheres. The connotation and practical significance of cyberspace order are undergoing continuous evolution and reshaping. A major collective problem currently facing the international community is how to find a path of coordination between the maneuvering for national interests and pluralistic governance models to construct a stable, just, and sustainable global cyberspace order. This article aims to analyze three dimensions—the security dilemma, conceptual adjustments, and the Chinese solution—to clarify the evolutionary trends and challenges of the global cyberspace order, and subsequently explore feasible paths for global governance as a solution.

The Security Dilemma Facing Global Cyberspace

In the process of constructing a global cyberspace order, the most prominent and profound challenge is the cyberspace security dilemma. This security dilemma is not merely an extension and magnification of the traditional national security dilemma; it presents an entirely new level of complexity and uncertainty due to the unique attributes of cyberspace, such as its virtuality, transnationality, and openness. A deep analysis of the causes and manifestations of the cybersecurity dilemma, as well as its impact on the construction of a global cyberspace order, is particularly important for understanding the difficulties currently faced in building that order.

Traditional security dilemma theory posits that under the anarchy of the international system, a state’s efforts to increase its defensive capabilities for its own security are often misinterpreted by other states as offensive intent, thereby triggering an arms race and a vicious cycle of insecurity. The cybersecurity dilemma includes not only security challenges and crises triggered by ambiguous intentions between states, but more importantly, a security dilemma triggered by the inherent defects of network technology itself. Cyberspace is built upon coding, and system coding contains unavoidable errors. Furthermore, different programmers have varying understandings of code; when the volume of code is sufficiently large, it becomes difficult for successors to fully comprehend the original coding, leading to program conflicts and vulnerabilities. Security risks resulting from the inherent defects of cyberspace are characterized by the generalization of security risks, the difficulty of measuring risk, and the blurring of security boundaries.

The primary characteristic of the cybersecurity dilemma is the ubiquitous nature of risk. As the foundation of digital technology, code contains vulnerabilities and hidden security hazards that are pervasive across almost all information systems; some even argue that there is one error for every ten lines of code. Taking Microsoft as an example: despite possessing robust code-writing and inspection capabilities, there are still countless vulnerabilities in Microsoft operating systems, necessitating frequent "patching" to ensure system security. Simultaneously, cyberspace security threats are difficult to measure and verify. The generalization of security risks, combined with the concealment, virtuality, and transnationality of cyberspace, greatly increases the difficulty of measuring cybersecurity risks and verifying malicious behavior. In the field of traditional arms control, the characteristics of weapons and their launch time and location can be detected through certain technical means, which plays a key role in the attribution of responsibility. However, the effects caused by cyberattacks are often difficult to measure simply; many influencing factors are marked by uncertainty and can only be assessed after the fact. For example, the "Mirai botnet" incident, which caused a long-term blackout across the eastern United States, was actually caused by virus software developed by three students to attack gaming servers; its consequences and impact far exceeded the original intent of its designers. Furthermore, cybersecurity attribution is extremely difficult. The virtual and transnational nature of the network makes a large number of cyberattacks difficult to discover, and even if they are discovered, the attacking party can use various methods to maintain deniability. In existing cyberattack operations between states, almost no country admits to being the initiator. Due to the lack of evidence, the international community has no way to exert pressure; not only is it difficult to determine responsibility, but it also makes it difficult to effectively implement relevant norms, and bilateral or multilateral mutual trust in cyberspace is difficult to establish. Additionally, strategic maneuvering among major powers and unilateralism are other causes of the cyberspace security dilemma. Western countries, led by the United States, pursue unilateralist and hegemonist strategies in cyberspace, such as defining cyberspace as a "global commons" while strictly protecting their own cyberspace sovereignty, reflecting a clear double standard. This practice not only seriously damages the foundation of international cooperation but also prompts other countries to adopt similar unilateral measures, further exacerbating the adversarial trend in cyberspace.

Due to the characteristics of network technology and cyberspace itself, the cyberspace security dilemma—compared to the traditional security dilemma—possesses features such as asymmetry, cross-domain distribution, and normalized low-intensity conflict. First, there is a clear asymmetry between security threats and defensive measures in cyberspace. Cyberattacks are characterized by high concealment and difficulty of attribution; the cost of attack is relatively low while the cost of defense is extremely high. This "easy to attack, hard to defend" characteristic makes relevant states more inclined to adopt proactive offensive strategies rather than passive defense. For example, the "Stuxnet" incident demonstrated that even highly sensitive targets with relatively high security levels, such as Iranian nuclear facilities, find it difficult to effectively defend against cyberattacks. This offensive advantage prompts countries to gravitate toward developing offensive cyber forces to seek a proactive position in cyberspace.

Second, the cyberspace security dilemma is highly diffusive and cross-domain. The dual-use nature of network technology means that security issues in cyberspace are not limited to the traditional military field but also diffuse into the economic, social, and political spheres. For example, cybersecurity incidents such as "Cambridge Analytica" behind "hacker interference in elections" manifest not only as a profound impact on political and ideological security but also pose serious threats to economic security and personal information security. Furthermore, the rise of social media manipulation and information warfare has gradually blurred the boundaries between traditional and non-traditional security sectors, exacerbating suspicion and mistrust between states.

Third, the cyberspace security dilemma shows a trend toward the normalization of low-intensity conflict. Currently, cybersecurity incidents occur frequently, but few reach the legal threshold of "armed conflict" in traditional international law. Events such as the "Prism" ^[1] gates, Stuxnet, the Sony Pictures hack, and the "WannaCry" virus all indicate that sovereign state actors are operating in cyberspace with increasing frequency, employing more diverse means, targets, and motivations, leading to increasingly fierce conflicts. Some scholars define these cyber operations as low-intensity cyber conflicts. Although these low-intensity conflicts will not directly trigger large-scale war in the short term, their long-term erosive effect on international relations and mutual trust cannot be ignored. Because cyber operations carried out by states have not reached the level of triggering war, existing international law finds it difficult to impose effective constraints and norms upon them, resulting in chronic and frequent low-intensity conflicts. This easily leads to an increase in risk miscalculation between states, thereby constituting a hidden danger for conflict escalation.

The complex security dilemma in cyberspace leads to a greatly increased risk of strategic miscalculation between states, which in turn causes the possibility of cyber conflict escalation to rise continuously. This is especially true in the absence of rules and order in cyberspace, where both offensive and defensive parties are highly prone to miscalculation. For example, during the 2018 U.S. midterm elections, the United States launched an attack on the Russian Internet Research Agency (IRA), which was suspected of interfering in its elections, forcing it offline for a day. The U.S. side believed this was sending a deterrence signal, warning Russia not to interfere in U.S. elections. However, such a signal is not necessarily received and understood in the same way by the Russian side. As the party under attack, Russia might view such an attack as an "act of war" and therefore adopt more radical counter-measures, triggering a wider range of cyber conflicts.

The Impact of the Security Dilemma on the Construction of Cyberspace Order

The security dilemma has a deep-seated impact on the security, order, and stability of cyberspace. It not only promotes the militarization of cyberspace but also exacerbates the risk of cyberspace fragmentation; meanwhile, the process of rule-making in cyberspace is affected by the security dilemma, making it difficult to achieve substantive breakthroughs. The international community has long been unable to reach a basic consensus on cyber order. Furthermore, it is precisely because of the existence of the cybersecurity dilemma that the cyberspace order exhibits trends toward militarization, "Balkanization," and the failure of mechanisms and rules.

The trend of cyberspace militarization is becoming increasingly evident. This trend easily triggers arms races between states, leading to the continuous weakening of strategic mutual trust in the field of cybersecurity. Major powers all hope to safeguard their national interests and strategic security by occupying a dominant position in cyber military operational capabilities. This competitive mindset makes states more inclined to adopt offensive and adversarial strategies in cyberspace interactions rather than actively seeking cooperation. When states' perceptions of cyberspace tend toward pessimism and competition, it becomes difficult to form effective crisis management and conflict de-escalation measures. In the long run, the militarization of cyberspace has, to some extent, inhibited international cooperation, and the rule-making for global cyberspace governance has consequently fallen into a stalemate. Simultaneously, the asymmetry of cyber offense and defense makes it difficult to maintain cybersecurity solely through defensive measures, forcing countries to establish offensive cyber means. Major powers such as the United States, Russia, Britain, and France have all elevated the status of cybersecurity in their national strategies and increased investment in cyber military capabilities. For example, the United States established "Cyber Command" and upgraded it to a unified combatant command, explicitly proposing strategies of "defend forward" and "persistent engagement," while repealing original administrative restrictions on cyber operations. Similarly, Russia proposed strengthening the construction of cyber military forces in its "Information Security Doctrine of the Russian Federation," emphasizing active defense and strategic deterrence.

The risks of cyberspace fragmentation and "Balkanization" are intensifying. Cyberspace "Balkanization" refers to the characteristics of the internet splitting and diverging due to various factors such as technology, commerce, politics, nationalism, religion, and differing national interests. Under the cybersecurity dilemma, various countries have adopted data localization policies and strengthened cyberspace sovereign jurisdiction, leading the originally open and interconnected global cyberspace to gradually split into different digital geo-regions. For example, Russia's "Sovereign Internet Law" and its tests of disconnecting from the global web, the EU's "General Data Protection Regulation" (GDPR), and the U.S. attempts to "decouple" from China in the field of information and communication technology are all, to some extent, driving a trend toward bloc-formation in cyberspace. This trend not only increases the difficulty of global cyberspace governance but also seriously hinders the integrated development of the global digital economy.

"Balkanization" poses a serious threat to the cyberspace order. Its core lies in governments acting independently, formulating cyberspace policies according to their own concepts. This not only destroys technical compatibility and interoperability in cyberspace but also more easily triggers conflicts between states. On one hand, cybersecurity challenges are constantly increasing, with cybersecurity incidents such as large-scale surveillance, intelligence collection, intellectual property theft, social media manipulation, and vulnerabilities in critical information infrastructure emerging one after another; on the other hand, certain countries continue to push offensive cybersecurity policies. Especially after the Trump administration significantly adjusted its cybersecurity strategy on the grounds of so-called "hacker interference in the election," the United States adopted aggressive and destructive methods that dealt a huge blow to the already fragile process of constructing a cyberspace order, further exacerbating the vicious cycle between the cybersecurity dilemma and the "Balkanization" of order.

The incident of "hacker interference in elections" produced massive conflict, leading to the failure of the 2016–2017 United Nations Group of Governmental Experts (UNGGE) on Information Security to reach a consensus. Another consequence of this was the UN General Assembly’s establishment of the Open-Ended Working Group (OEWG) outside of the expert group mechanism to remedy the so-called lack of representativeness of the UNGGE. Subsequently, the OEWG formally replaced the UNGGE as the sole legitimate global cyberspace governance mechanism. In reality, this change failed to solve the problem of the effectiveness of the governance mechanism; the primary reason behind this is the mistrust between states triggered by the security dilemma. Due to the strategic mistrust and conflict of interests caused by the security dilemma, it is difficult for the international community to reach an effective consensus on international rules for cyberspace, and the construction of governance mechanisms has fallen into a long-term predicament. In practice, the cyber sovereignty of many countries has been repeatedly undermined, and interference in the internal affairs of other countries occurs frequently. In particular, when dealing with cyber conflicts, some countries often resort to unilateral sanctions rather than peaceful means.

The Impact of the Security Dilemma on the Construction of Cyberspace Order

The security dilemma has had a profound impact on the security, order, and stability of cyberspace. Not only does the security dilemma drive the militarization of cyberspace, but it also exacerbates the risk of cyberspace fragmentation; simultaneously, the process of formulating cyberspace rules has been affected by the security dilemma, making it difficult to achieve substantive breakthroughs, and the international community has long been unable to reach a basic consensus on cyber order. Furthermore, precisely because of the existence of the cyber security dilemma, the cyberspace order is exhibiting trends toward militarization, "Balkanization," and the failure of mechanisms and rules.

The trend of cyberspace militarization is becoming increasingly evident. This trend easily triggers arms races between states, leading to the continuous erosion of strategic mutual trust in the field of cybersecurity. Major powers all hope to safeguard their national interests and strategic security by occupying a dominant position in cyber military operational capabilities. This competitive mindset makes states more inclined to adopt offensive and adversarial strategies in cyberspace interactions rather than actively seeking cooperation. When various countries' perceptions of cyberspace tend toward pessimism and competition, it becomes difficult to form effective crisis management and conflict de-escalation measures. In the long run, the militarization of cyberspace has, to a certain extent, inhibited international cooperation, and the rule-making for global cyberspace governance has consequently fallen into a stalemate. At the same time, the asymmetry of cyber attack and defense makes it difficult to maintain cybersecurity solely through defensive measures, forcing countries to establish offensive cyber means. Major powers such as the United States, Russia, the United Kingdom, and France have all elevated the status of cybersecurity in their national strategies and increased investment in cyber military capabilities. For example, the United States established the "United States Cyber Command" and upgraded it to an independent unified combatant command, explicitly proposing strategies of "defend forward" and "persistent engagement," while rescinding original administrative restrictions on cyber operations. Similarly, Russia proposed strengthening the construction of cyber military forces in its Doctrine of Information Security of the Russian Federation, emphasizing active defense and strategic deterrence.

The risks of cyberspace fragmentation and "Balkanization" are intensifying. Cyberspace "Balkanization" refers to the characteristics of fragmentation and division appearing in the Internet due to various factors such as technology, commerce, politics, nationalism, religion, and divergent national interests. Under the cyber security dilemma, countries have adopted data localization policies and strengthened jurisdiction over cyber sovereignty, leading the originally open and interconnected global cyberspace to gradually split into different digital georegions. For example, the Sovereignty Internet Law issued by Russia and its testing of "disconnecting" from the global web, the European Union's enactment of the General Data Protection Regulation (GDPR), and the United States' attempt to "decouple" from China in the field of information and communication technology are all, to some extent, driving the trend toward bloc-alignment (阵营化) ^[2] in cyberspace. This trend not only increases the difficulty of global cyberspace governance but also seriously hinders the integrated development of the global digital economy. "Balkanization" poses a serious threat to the order of cyberspace; its core lies in governments acting in their own ways and formulating cyberspace policies according to their own concepts, which not only undermines technical compatibility and interoperability in cyberspace but also more easily triggers conflicts between states. On one hand, cybersecurity challenges continue to increase, with security incidents such as large-scale surveillance, intelligence collection, intellectual property theft, social media manipulation, and vulnerabilities in critical information infrastructure emerging one after another; on the other hand, certain countries continue to push forward offensive cybersecurity policies. Especially after the Trump administration significantly adjusted its cybersecurity strategy on the grounds of so-called "hacker interference in elections," the U.S. adopted aggressive and destructive methods that dealt a massive blow to the originally fragile process of constructing cyberspace order, further exacerbating the vicious cycle between the cyber security dilemma and the "Balkanization" of order.

The cyber security dilemma leads to the failure of cyber governance mechanisms and the fragmentation of rules. The cyberspace governance process promoted by the United Nations is often hindered by the cyber security dilemma. To address the challenges brought by cybersecurity, the United Nations set about establishing the UNGGE as early as 2004, intended to build a system of rules in the field of cybersecurity through the expert group mechanism to manage conflicts between countries in this field. However, as the most important governance mechanism in cyberspace, the expert group itself fell into various disputes; multiple sessions of the expert group not only failed to reach a consensus on results, but their own legitimacy and representativeness were also heavily debated. Major powers such as the United States and Russia have had serious disagreements on issues such as the application of international law, state responsibility, and countermeasures, leading the application of international law in cyberspace into a state of "pactophobia" (treaty phobia). Because of the huge conflict between the U.S. and Russia surrounding the "hacker interference in elections" incident, the 2016–2017 UNGGE failed to reach a consensus. A further consequence of this was that the UN General Assembly established the OEWG outside of the expert group to remedy the so-called lack of representativeness of the UNGGE. Subsequently, the OEWG formally replaced the expert group as the sole legitimate global cyberspace governance mechanism. In fact, this change did not resolve the issue of the effectiveness of the governance mechanism, the primary cause being the mistrust between states triggered by the security dilemma. Due to the strategic mistrust and conflict of interests resulting from the security dilemma, it is difficult for the international community to reach an effective consensus on international cyberspace rules, and the construction of governance mechanisms has fallen into a long-term predicament. In reality, the cyber sovereignty of many countries is frequently undermined, and interference in the internal affairs of other countries occurs from time to time. Especially when handling cyber conflicts, some countries often adopt unilateral sanctions rather than peaceful means.

Adjustment of Cyberspace Order Concepts Under Interactive Gaming

While the militarization of cyberspace, the formation of conceptual blocs, and the fragmentation of rules caused by the security dilemma have accelerated the disorder of cyberspace, the state and non-state actors deeply involved in it have, after experiencing continuous collisions and frictions, gradually begun to merge their corresponding governance concepts and paths. This explains why, while security risks in cyberspace are continuously increasing, the frequency of diplomatic crises triggered by them is steadily declining. At the same time, this also reflects a consensus among all parties regarding the reshaping of the cyberspace order.

Cyberspace possesses salient characteristics such as interconnection, blurred boundaries, and transnationality, which dictate that its governance cannot simply copy the traditional model of state sovereignty governance. Under the traditional model, state sovereignty is the core basis for governance, but in cyberspace, the rapid flow and transnational dissemination of information make it difficult for the governance power of a single country to effectively respond to various challenges. Global governance is the regulation of interdependent relationships in the absence of political authority. Since the Cold War, the main keynote of world politics is no longer limited to the mutual struggles of nation-states based on interest conflicts; instead, it focuses more on how various actors such as states, non-state actors, transnational corporations, and interest groups—in the context of a fragmented world and the absence of a world government—properly handle global affairs through mutual consultation, reconciliation of interest conflicts, seeking consensus, and striving for cooperation. Regarding cyberspace governance, the "multistakeholder" model is advocated to integrate multiple subjects including the state, the private sector, the technical community, and non-governmental organizations to jointly formulate international rules for cyberspace and promote the security and development of global cyberspace. As Joseph Nye pointed out, cyberspace consists of multiple governance mechanisms, among which Internet governance focuses on the technical level and is a subset of cyberspace governance; different governance mechanisms should be constructed according to different governance issues, allowing different actors to play a leading role.

The convergence of cyberspace governance concepts. Currently, the international community's cyberspace governance models are gradually moving from conflict toward convergence, and the value of the multistakeholder governance model is being progressively recognized. The continuous existence and intensification of the cyberspace security dilemma have made the international community gradually realize that independent actions by a single country or a small alliance of countries can no longer effectively respond to the complex and diverse challenges of cyberspace. To achieve strategic stability and the construction of order in cyberspace, the joint participation of the international community is required, promoting multi-party collaboration and institutional construction from the perspective of global governance. As a governance concept that transcends traditional international political models, global governance emphasizes the participation, collaboration, and co-governance of multiple actors; this characteristic highly aligns with the special governance needs of cyberspace, providing a new perspective and framework for the construction of cyberspace order.

In terms of cyberspace governance concepts, the two different cognitive models of "global commons" and "cyber sovereignty" are shifting from being independent of each other toward mutual understanding. The "global commons" refers to certain fields and regions worldwide that no single country can control individually but upon which all countries depend for survival; these public domains are the connectivity channels of the international system. The U.S. government views cyberspace as a virtual space created by humans with global commons attributes and has incorporated it into the U.S. Global Commons Strategy. In reality, however, the strategic goal of the U.S. is to establish hegemony in the global commons to seize space resources and power that have no clear national attributes; simultaneously, it aims to restrict U.S. competitors from entering these spaces to obtain political, economic, and military resources. A diametrically opposed view holds that cyberspace is built upon information infrastructure and exists between states and societies, possessing clear sovereign attributes. States have the responsibility to promote the development, maintain the stability, and protect the security of cyberspace, and they must also exercise power according to law to manage cyberspace, combat cybercrime, and protect information privacy. Therefore, cyberspace is not a so-called global commons; it is an important component of state sovereignty.

In the practice of global cyber governance in recent years, the continuous collision of various governance mechanisms has made the advocates of both concepts realize that neither model can completely, objectively, and comprehensively reflect the actual situation of cyberspace governance. Both governance models have certain periodicities and limitations; it has become a new trend for all parties in cyberspace to seek consensus on the basis of having different emphases while being mutually complementary—"Global South" countries are gradually accepting the "multistakeholder" governance model (on the premise that the role of the government is reasonably reflected), while developed countries are also gradually acknowledging the role of governments and intergovernmental organizations in cyberspace governance. For example, French President Emmanuel Macron proposed the Paris Call for Trust and Security in Cyberspace at the Internet Governance Forum (IGF) held in Paris, which generally reflects the EU's propositions in the field of global cyberspace governance, highly affirming the role of international law and maintaining that the UN Charter, international humanitarian law, and customary international law are generally applicable to cyberspace. The Paris Call for Trust and Security in Cyberspace reflects the trend of compromise and convergence between the traditional multistakeholder model and the principle of state sovereignty, and it also marks the awakening of the EU's autonomy in global cyberspace governance.

The convergence of paths for constructing the global cyberspace order. Although the state of gaming (博弈) ^[3] among various parties in the field of global cyberspace governance remains intense, positive aspects are gradually emerging. The governance paths of various countries are shifting from emphasizing their respective uniqueness based on different political, economic, and cultural backgrounds toward emphasizing the convergence of different viewpoints based on the objective attributes and laws of cyberspace. Furthermore, the international community has gradually realized that no single party can dominate the cyberspace governance process. The principles, concepts, and methods of global cyberspace governance need to be adjusted accordingly to adapt to the development of the situation. In summary, the overall goals of constructing a global cyberspace order include the following aspects.

First, build a balanced international order capable of accommodating the interests of all parties. The interconnected and shared nature of cyberspace dictates that zero-sum games are inapplicable; the security, development, and stability of cyberspace are common goals pursued by governments, the private sector, and non-governmental organizations alike. At the same time, the mutually restrictive relationship between these three issues—security, development, and stability—means that no single party can pursue its own absolute interests while ignoring the interests of other actors. On December 16, 2015, President Xi Jinping pointed out in his keynote speech at the opening ceremony of the second World Internet Conference: "In the information field, there are no double standards. All countries have the right to maintain their own information security. We cannot have one country's security at the expense of others, or some countries being secure while others are not, much less seek one’s own so-called absolute security by sacrificing the security of other countries."

Second, promote the integration of state-centered multilateral governance systems with multi-stakeholder governance systems. The 2003 World Summit on the Information Society (WSIS) established the Working Group on Internet Governance (WGIG) and later founded the Internet Governance Forum (IGF). A report released by the WSIS in 2005 defined cyberspace governance as "the development and application by governments, the private sector, and civil society, in their respective roles, of shared principles, norms, rules, decision-making procedures, and programmes that shape the evolution and use of the Internet." In practice, cyberspace governance manifests as one state-led multilateral governance model and another multi-stakeholder governance model led by enterprises and civil society. The state-led multilateral model uses the United Nations as its primary platform; the WSIS, the UN Group of Governmental Experts (UNGGE) on Information Security, and the IGF provide effective venues for nations to formulate and negotiate international cyberspace norms that align with their respective interests. Technical communities such as the Internet Corporation for Assigned Names and Numbers (ICANN) and the Internet Engineering Task Force (IETF), which are responsible for the allocation of critical internet resources and technical standards, are the primary advocates for multi-stakeholder governance. Although these two platforms are led by different actors, dialogue and exchange between them are becoming increasingly frequent, with each providing pathways for the other's participation. An increasing number of industry, NGO, and academic actors are participating in cooperative consultations on UN platforms. Simultaneously, the Governmental Advisory Committee (GAC) of ICANN has received increasing attention. This trend reflects a consensus for cooperation between state and non-state actors, laying the institutional foundation for the formation of international rules for cyberspace.

Third, achieve equal emphasis on the development of cybersecurity and the digital economy. The UN and other international organizations are gradually expanding their governance focus from pure cybersecurity issues to the coordinated development of digital economic growth and cybersecurity, reflecting the comprehensive and holistic nature of governance objectives. Since 2020, the UN has successively released several policy reports, such as the Roadmap for Digital Cooperation and Build Back Better: Towards 2030, emphasizing the importance of global digital economic development and cooperation, and calling for an enhanced discourse power and leadership in the formulation of international cyberspace rules. Driven by UN Secretary-General António Guterres, the UN has demonstrated its determination to lead the construction of a global digital economy governance system. The UN's focused promotion of global digital economic development issues will reset the agenda for global cyberspace governance, shifting the international community's focus from security to development, and from a singular dominance of cybersecurity to an equal emphasis on both cybersecurity and the digital economy.

The Chinese Solution for Constructing a Global Cyberspace Order

Faced with the realistic challenges of the cyberspace security dilemma and the disorder thereof, constructing a global cyberspace governance system has become a critical path. The virtual, transnational, and open nature of cyberspace means that security issues are no longer confined to a single country or region but have global impacts. As a responsible major power in the international community, China should play a constructive role in promoting the construction of a global cyberspace order, integrating Chinese wisdom and Chinese solutions into global cyberspace governance. It aims to promote the construction of a just and reasonable international cyberspace order based on national sovereignty and to jointly build a community with a shared future in cyberspace.

Lead the formulation of cyberspace rules with the concept of a community with a shared future in cyberspace. The concept of a community with a shared future in cyberspace proposed by China provides a new framework and solution for global cyberspace governance. This concept is based on respect for cyber-sovereignty ^[4], emphasizing international cooperation in cyberspace to jointly address challenges such as security, development, and stability. Building a community with a shared future in cyberspace possesses dual theoretical value: on one hand, it establishes the public attribute of cyberspace, emphasizing that all countries enjoy equal governance rights and must assume common responsibilities, taking a clear stand against technological hegemony and unilateralism; on the other hand, it reveals the necessity of international cooperation in cyberspace, calling on the international community to synergistically respond to cross-border challenges such as data security and cybercrime, and to work together to build an open, inclusive, and secure digital world.

The community with a shared future in cyberspace provides the basic architecture for cyberspace order. As the core idea of this concept, "respecting cyber-sovereignty" is the premise and foundation, providing all countries with equal status and rights to participate in global cyber governance. "Maintaining peace and security" is the basic guarantee, ensuring that cyberspace is not abused or destroyed. "Promoting openness and cooperation" is the path to achieving common development. "Constructing good order" is the goal and direction, aiming to establish a just and reasonable cyberspace governance pattern. These "Four Principles" are interconnected and complementary, jointly constituting the basic framework for building a community with a shared future in cyberspace. Meanwhile, the "Five Proposals" ^[5] map out the practical path, including: accelerating global network infrastructure construction to promote connectivity; creating online platforms for cultural exchange and sharing to promote mutual learning; promoting the innovative development of the network economy to promote common prosperity; ensuring cybersecurity to promote orderly development; and building an internet governance system to promote fairness and justice. This system of proposals covers five dimensions—infrastructure, platform construction, developmental momentum, security guarantees, and institutional design—forming a systematized governance solution.

Over the past decade, guided by the concept of a community with a shared future in cyberspace, China has extensively carried out multi-level cyberspace cooperation within the international community, signing numerous cooperation agreements with organizations such as the League of Arab States and the BRICS nations to jointly promote global digital governance and the formulation of international rules. For example, the China-League of Arab States Cooperation Initiative on Data Security and the BRICS Roadmap for Practical Cooperation on Cybersecurity are concrete practices of China’s promotion of a community with a shared future in cyberspace. Furthermore, through projects such as the Digital Silk Road, China provides assistance in capacity building and talent cultivation to countries along the route, promoting the common development of the global digital economy.

Important progress has been made in the construction of the community with a shared future in cyberspace. The year 2025 marks the tenth anniversary of the proposal of this concept. Through ten years of development, its connotation has been continuously enriched and its extension continuously expanded. Internally, it has become an important goal guiding the construction of a "cyber powerhouse" (wangluo qiangguo) ^[6]; externally, it has become the main direction for promoting the construction of a global cyberspace order. In this process, the concepts, goals, and subjects of building a community with a shared future in cyberspace have continuously evolved, forming a practical system that includes a "development community," "security community," "responsibility community," and "interest community."

The development community focuses on infrastructure connectivity and the co-construction of innovation ecosystems. Relying on the World Internet Conference, China has built a global digital technology exchange platform, pushing the governance of the "digital divide" from "equality of access" to a new stage of "capacity empowerment." In recent years, China has shared its digital development opportunities with the world by hosting events such as the China International Fair for Trade in Services (CIFTIS), the China International Digital Products Expo, the World Internet Conference Wuzhen Summit, and the World Artificial Intelligence Conference. China has promulgated and implemented regulations such as the Foreign Investment Law of the People's Republic of China, reduced the negative list for foreign investment access for several consecutive years, and sincerely welcomes enterprises from all over the world to develop in China. China has actively promoted the official entry into force of the Regional Comprehensive Economic Partnership (RCEP), the world's largest free trade agreement; actively applied to join the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP); and is comprehensively advancing negotiations for China's accession to the Digital Economy Partnership Agreement (DEPA). It has promoted the formulation of the G20 Digital Economy Development and Cooperation Initiative, co-initiated the “Belt and Road” Digital Economy International Cooperation Initiative, and proposed the Global Initiative on Data Cross-border Flow Cooperation.

Furthermore, Chinese enterprises are actively participating in international cooperation in the digital economy. Alipay has landed in more than 70 countries and regions, serving hundreds of thousands of merchants and practicing the Chinese solution of "green cycling" in hundreds of cities worldwide. Arab nations have drawn on China's experience in AI and digital payments to co-build the "Digital Silk Road" e-commerce platform. An increasing number of countries and regions participating in the Belt and Road Initiative are learning from China's digitalization experience, allowing local people to tangibly experience the convenience and benefits brought by the digital economy. Chinese enterprises have participated in multiple submarine cable projects connecting Africa with Europe, Asia, and the Americas; completed the construction of more than half of Africa's wireless stations and high-speed mobile broadband networks; laid a cumulative total of over 200,000 kilometers of fiber optics; helped 6 million households achieve broadband access; and served over 900 million African people. Rahamtalla Mohamed Osman, the Permanent Representative of the African Union to China, thanked China for actively helping other developing countries accelerate poverty alleviation and achieve sustainable development through digital technology. He stated that "South-South cooperation can build a more inclusive and sustainable digital economy."

The security community responds to the lack of a security architecture in the field of international cybersecurity by demonstrating how China promotes multilateral and bilateral cybersecurity cooperation. Within the UN, the Shanghai Cooperation Organization (SCO), BRICS, and the ASEAN Regional Forum, China has continuously called for the construction of a cyberspace security architecture and the establishment of trust mechanisms. It promotes timely information communication and crisis notification between states and non-state actors to prevent cyber conflicts from escalating into real-world conflicts, thereby maintaining peace and stability in cyberspace. China's National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT/CC) has established cooperative relationships with 274 Computer Emergency Response Teams (CERTs) in 81 countries, coordinating the handling of over 100,000 cybersecurity incidents annually since 2001.

Regarding major threats of cybercrime and cyber-terrorism, China firmly supports and promotes the UN Security Council's important role in international cooperation against cyber-terrorism. It participates in the work of the UN Commission on Crime Prevention and Criminal Justice and the UN Open-ended Working Group on Cybersecurity, promoting the discussion and formulation of global international legal instruments against cybercrime under the UN framework, thus contributing to the construction of a global legal framework for counter-terrorism in cyberspace. On December 24, 2024, China led and promoted the United Nations Convention Against Cybercrime, which is the first globally legally binding convention reached by the international community on combating cybercrime, marking a significant milestone in the development of international law in cyberspace.

At the same time, China has strengthened its efforts to jointly combat cybercrime activities with neighboring countries. In August 2024, China, together with Thailand, Cambodia, Laos, Myanmar, and Vietnam, released the Joint Statement on Strengthening Cooperation to Combat Cross-border Crimes under the Lancang-Mekong Cooperation Framework, advocating that member states prioritize cooperation in combating telecom-network fraud and various forms of online gambling. It encourages the law enforcement and security departments of the six countries to coordinate closely, promote information sharing, and strengthen border control. In September 2024, the Meeting of the Presidents of the Supreme Courts of China and Central Asian Countries held a special seminar on legal application issues and transnational judicial cooperation involving the fight against violent terrorism, drugs, corruption, and cybercrime, emphasizing the enhancement of regional international criminal judicial cooperation to jointly combat cross-border crimes. To date, China's cooperation with neighboring countries in combating cybercrime has resulted in the joint investigation and solving of hundreds of transnational cyber fraud cases.

The responsibility community promotes the improvement of global cyberspace governance mechanisms. First, China actively participates in the UN cyberspace governance process, promoting the establishment of a multilateral, democratic, and transparent international internet governance system.

In 2015, China submitted an updated draft of the "International Code of Conduct for Information Security" to the United Nations, representing the international community's first document to systematically expound upon norms of behavior in cyberspace. Within mechanisms under the UN framework, China actively promotes the roles of entities such as enterprises, universities, and industry organizations. Secondly, China actively participates in the formulation of rules for global digital governance. China emphasizes pursuing a path of global digital development characterized by cooperation and mutual benefit, promoting the improvement and effective interaction of multilateral mechanisms through the reform of global digital governance mechanisms. In September 2020, the Ministry of Foreign Affairs released the "Position Paper of the People's Republic of China on the 75th Anniversary of the United Nations," calling for cyberspace to be used to promote economic and social development, international peace and stability, and human well-being. Finally, China has taken the initiative to establish cyberspace governance mechanisms. Since 2014, China has hosted the World Internet Conference, building a platform for the global sharing and co-governance of the internet. In July 2022, the World Internet Conference International Organization was established in Beijing, marking the conference's evolution from an international event into a formal international organization and becoming another important subject participating in cyberspace governance.

A community of interests is dedicated to breaking through zero-sum game ^[7] thinking. Using the construction of the "Digital Silk Road" ^[8] as a vehicle, it forms flagship projects in fields such as e-commerce and smart cities, establishes technology transfer centers and digital talent training bases, and assists the growth of the digital economy in developing countries. Governance capacity and talent cultivation are essential components of global cyberspace governance, yet an imbalance exists in their international distribution. Capacity building generally revolves around cybersecurity policies and strategies, cyber-culture and society, cybersecurity education, training and skills, legal and supervisory frameworks, as well as standards, organization, and technology. This includes both the sound strategic design and legislation at the national level, as well as increasing the investment of enterprises and technical communities in the field of technical standards and enhancing public security awareness and knowledge. Following the developmental trajectory from industrialization and informatization to intellectualization ^[9], the concentration of technology and talent has become increasingly high. This creates a more disadvantageous situation for developing countries; in particular, with the development of technologies such as artificial intelligence in recent years, the "digital divide" between nations shows a trend of further deepening. Cybersecurity issues are a common challenge faced globally; risks and vulnerabilities in the cybersecurity domain of developing countries often produce knock-on effects for developed countries through the interconnectedness of digital space. It is particularly important to help developing countries improve their ability to respond to cybersecurity risks and to narrow the gap in cyberspace governance capacity between the North and the South. As a developing country itself, China possesses certain advantages in cyber-governance capacity and talent cultivation. It should, under the framework of the United Nations and other international organizations, carry out cooperation in cybersecurity capacity building and talent training projects to tangibly help the vast number of developing countries improve their cyberspace governance capacity.

Conclusion

In the present age, cyberspace is flourishing at an unprecedented speed, and the trend of global interconnection is becoming increasingly significant. This situation brings once-in-a-lifetime opportunities to the international community, but also unprecedentedly severe challenges. As a new domain of human activity, cyberspace has made the links between countries increasingly tight; information dissemination and sharing have reached an unprecedented degree, greatly promoting global economic development, cultural exchange, and social progress. At the same time, the cybersecurity dilemma has become increasingly prominent. This is manifested not only in direct threats such as cyberattacks, data breaches, and cybercrime, but also involves deep-seated issues such as national sovereignty, security, and development interests. Against the backdrop of globalization, any local problem in cyberspace may quickly spread globally, posing a serious threat to the peace and stability of the international community. To effectively respond to the cybersecurity dilemma and construct a global cyberspace order consistent with the concept of a community with a shared future in cyberspace, the only way forward is to promote global governance characterized by the participation and collaboration of multiple stakeholders. This path transcends the traditional sovereign state governance model and is better suited to the special requirements of cyberspace. Under this concept, states, the private sector, technical communities, and non-governmental organizations in the international community should all assume their respective responsibilities and form a synergy.

Looking to the future, global cyberspace governance will mainly exhibit three trends. First, the further integration of state-led and multi-stakeholder models. Countries are gradually accepting the multi-stakeholder model, recognizing the important roles of the private sector and technical communities in cyberspace governance, while simultaneously emphasizing the coordinating role of governments to form a global governance model of "government guidance and multi-party participation." Second, the trend toward the integration of security and development issues will become more evident. Cyberspace governance will no longer focus solely on cybersecurity issues; development issues such as digital economic development, data privacy protection, and bridging the "digital divide" will gradually become important components of governance, promoting the formation of a virtuous cycle between security and development. Third, the trend toward the specialization and diversification of governance mechanisms will strengthen. As the complexity of cyberspace issues increases, governance mechanisms will become more specialized and diverse—for instance, governance mechanisms specifically targeting emerging technologies such as artificial intelligence, quantum computing, and blockchain are gradually emerging to adapt to the constantly changing situation in cyberspace.

Faced with the common challenges of cyberspace, no country can remain an island; global cooperation and co-governance are the only feasible paths. Only through the joint efforts of the international community, guided by the concept of global governance, and by comprehensively advancing international legal rules, crisis management mechanisms, technical standard cooperation, and capacity building, can we effectively resolve the cybersecurity dilemma, promote the effective construction of a global cyberspace order, and achieve the peace, stability, and sustainable development of global cyberspace. This is not only the common responsibility and mission of all countries but also an inevitable requirement for the development of human society.

(The author is a professor at the School of Political Science and International Relations, Tongji University) Source: Frontiers (Academic Edition of People's Tribune), Issue 13, 2025 Network Editor: Ma Jingren