China continues to raise the heat in its dispute with the Philippines over the sovereignty of Scarborough Shoal/Huangyan Island. On Monday, He Jia, an anchor on China’s state-run CCTV, mistakenly declared that “China has unquestionable sovereignty over the Philippines” rather than just over the disputed island. On Tuesday, Chinese Vice Foreign Minister Fu Ying warned a Philippine diplomat that China was fully prepared to do anything to respond to escalation. Deep-water drilling has begun near islands in the South China Sea and Chinese travel agencies have reportedly suspended tours to the Philippines. Chinese netizens are fully in support of the claims, and have in many instances criticized the Ministry of Foreign Affairs for not taking more assertive action.

As with previous territorial disputes in East Asia these days (see China-Vietnam, China-Japan, and Korea-Japan), the political, diplomatic, and military maneuvering has a cyber component. On April 20, Chinese hackers attacked the website of the University of the Philippines. The next day, Filipino hackers struck back with the defacement of Chinese websites. On the 23rd and 24th, the two sides again traded tit-for-tat attacks (a very useful timeline up until April 30 can be found here). Attacks have continued over the last week; today attackers pasted the Chinese flag on the website of the Philippines News Agency.

From almost the beginning of the attacks, the Philippines government has called for both sides to stop. On April 22, a Philippines government spokesperson said, “We call on citizens, including ours, to exercise civil temperance.” On April 25, the Philippines’ Department of Science and Technology and Information and Communications Technology Office declared that the attacks were neither sanctioned nor condoned, and on May 10 a spokesman went further in warning that such attacks “will not benefit anyone and could possibly lead to bigger problems in the future for the Philippines and China and escalate the already tense situation at Panatag Shoal (Scarborough Shoal).” This is not a misplaced worry as freelance attacks could make it much more difficult for the two sides to communicate and signal intentions.

Unfortunately, there has been silence from Beijing on the issue. China’s leaders seem to be embracing the conflict, or at least the prospect of conflict, as a welcome distraction from the problems of Chen Guangcheng and Bo Xilai. As Michael Yip and Craig Weber argue, the Chinese government – after years of enrolling students in patriotic education that stresses a history of national humiliation – needs to align itself with and divert away from nationalistic responses to real and perceived slights. Political hacking acts as a diversion–venting resentment away from the regime, focusing web users’ ire on outside actors, and maintaining the government’s nationalistic credentials.

When China’s Minister of Defense General Liang Guanglie was at the Pentagon this week, he talked about how China wanted to work to improve cybersecurity. Beijing could gain a great deal of credibility by doing what the Philippines has done: call on both sides to stop the attacks.

Joseph Nye has an interesting article in the Winter 2011 issue of Strategic Studies Quarterly that applies some of the lessons of the nuclear age to cybersecurity. It is well worth the read, and I thought I might try the same, using what we know about the study of Chinese technology policy to shed some light on China and cyber.

Linking cyber and technology policy is a form of techno nationalism that is widely and deeply held by Chinese policymakers. The objectives are clear: China does not want to depend on other countries for critical technologies, the United States and Japan in particular. The 2006 Medium to Long Term Plan on Science and Technology (MLP) puts it plainly: “Facts have proved that, in areas critical to the national economy and security, core technologies cannot be purchased.” The Chinese tend to see the current system as, if not unfair, then stacked against them, and so commentaries often focus on competitors’ unfair advantages (U.S. firms dominate hardware and software sectors, 10 of the 13 root servers in U.S.) and China’s victimization (China is the biggest victim of cyber crime).

With both cyber and technology, outside observers have a tendency to overstate how driven by the center China really is. Yes, the MLP sets the goal of China becoming an “innovative nation” by 2020 and a “global scientific power” by 2050. Not surprising given Chinese history and national security concerns. But the document is of two minds about how to move up the value chain, including both a top-down, big-science and technology policy as well as a bottom-up, entrepreneurial innovation strategy. In cyber, we tend to see China pursuing a coherent cyber strategy that involves pushing an Information Security Code of Conduct at the United Nations, the use of patriotic hackers, information war, and tight Internet control. Chinese analysts see the opposite, complaining that the U.S.—with the standing up of Cyber Command and promotion of the Internet Freedom agenda—has put China on the defensive and that Beijing is falling behind in cyberspace.

There is also a question of how strategically China can implement. The world of technology policy is one of sectoral and regional differentiation, with industries and provinces interpreting national regulations to serve their own interests. Ministries, universities, and government research institutes behave similarly, and Chinese firms often identify more with their Western competitors than with their local bureaucratic partners. It is hard to imagine that the Ministry of Public Security, Ministry of State Security, PLA, and Ministry of Industry and Information Technology play any nicer together in the sand box of cyber policy.

The prolific rate of cyber espionage—what Cyber Command head General Alexander called “the greatest transfer of wealth in history“—raises questions of China’s absorptive capacity. With technology imports, Chinese firms historically spent much less than Japanese and Korean companies did for diffusion and absorption. What is China doing with all of the IPR it is allegedly stealing, and shouldn’t we start to see it paying off in more competitive Chinese firms? Not much public evidence exists that it is helping Chinese companies move up the value chain (most evidence in the public domain is old fashioned theft, see DuPont, Motorola, and American Semiconductor).

Finally, technology policy may tell us something about what might work for cyber, although progress, especially in protecting intellectual property rights, has been glacially slow and uneven. The issue must be raised at the highest level, including by the President and Vice President, something that it is not clear has happened yet. Multilateral pressure should also be applied. China backed down from the compulsory introduction of WAPI, an alternative to WiFi, after the U.S. government, supported by Japan and the EU, threatened to take a case to the WTO.

Given the current state of the U.S.-China relationship in cyber, glacially slow and uneven might be an improvement.

Over the last week, supporters of Tibet, and the merely curious, have seen information warfare up close. On Twitter, several hundred bots (automated programs that generate content) flooded discussions using the hashtags #Tibet and #Freetibet with meaningless tweets and spam. If you were someone trying to learn more about Tibet, you kept bumping up against these threads, and eventually you may have given up and moved on to some other subject. This is cyber as a weapon of mass distraction. Twitter eventually began to filter out the bots, and the spam was cut off to a trickle.

More malevolently, Tibetan activists have been threatened on Twitter. The poet and blogger Woeser was repeatedly reminded that Ai Weiwei was arrested by one Twitter user, suggesting that she should meet the same fate. In addition, the Central Tibet Administration, International Campaign for Tibet, and others were targeted by malicious emails. Visitors to Tibetan websites could also be infected by malware.

As with all hacking and activism, it is hard to say with any certainty who is behind these actions, though there is a history of apparent Chinese attacks on Tibetan targets (see the 2009 GhostNet investigation). We don’t know the IP addresses of the people who set up the Twitter bots, and even if we did, they can mask their true location with proxies. In this instance, Si Dawson, the programmer behind Twit Cleaner, a program that monitors and cleans Twitter feeds, told me that the spam types were disparate, suggesting that there were several different people or groups involved, but a smart spammer can set up 20,000 bots by himself.

How are we to interpret these actions? First, it is a reflection of China’s lack of “soft power.” Chinese officials have responded to the over two dozen Tibetans who have set themselves on fire to protest conditions in Tibetan regions by saying that these people are “criminals” and “directly connected with the Dalai clique’s inciting of popular feelings overseas.” These arguments are not likely to resonate with most Western audiences. I wonder if the explosion of attention and interest in arresting the Ugandan warlord Joseph Kony, generated through social media, spooked Chinese policymakers. Who’s to say that Tibet is not the next issue to trend? These types of Twitter attacks (see Brian Krebs‘ post about them during the Russian parliamentary election) are likely to become more widespread, though less effective, as Twitter develops even better ways to control.

Second, even if you think the Internet is being balkanized—splintering from a global platform to regional or national intranets—there is still significant spill over. National actors believe they have a real interest in trying to shape discussions in other cyberspaces, witness China and Twitter as well as the White House’s announcement this week that it was issuing guidances that would make it easier to transfer software and services that “support the free flow of information to citizens of Iran.”

This point shades over into my last. We have a tendency to talk about the cyber problem in U.S.-China relations—cyberwar and cyberespionage. But this week reminds us that what we are often also talking about is really a conflict over information. Cyber is just the means.

Yesterday the U.S.-China Economic and Security Review Commission (USCC) released the second report prepared for it by Northrop Grumman on Chinese cyber capabilities. As numerous press reports noted, Occupying the Information High Ground  argues that China’s improving cyber capabilities pose a threat to the United States military, that China could target U.S. logistic and transport networks in the case of a regional conflict, and that Chinese IT companies ZTE, Datang, and Huawei all have close collaborative ties with the People’s Liberation Army (PLA).

The report does a good job of bringing a great deal of Chinese-language and open-source information together, and is especially useful in laying out how information security research is funded in and conducted by military and civilian universities. Much of the discussion, however, about how China thinks about computer network operations, the growing links between defense and civilian industries, and the threats to the supply chain has been done before (James Mulvenon is particularly good on Chinese thinking about seizing the information advantage and the “digital triangle“; Tai Ming Cheung’s Fortifying China is an exhaustive study of China’s efforts to build a dual-use industrial base; and CFR held a workshop on some of the vulnerabilities that stem from sourcing hardware and software from all over the world in January 2011).

The specific findings of the report are useful and important, but we should remind ourselves of four things. First, it is easy to forget that much in the report is about aspirations, what the PLA hopes to accomplish, and that we are less certain about how capable it truly is. The report does not shy away from this point, quoting senior PLA officials who provide “blunt assessments of the shortcomings still being experienced” and who suggest there are “contradictions”  between the Chinese and Western media portrayal of PLA operational success in training with “a different reality on the ground.” The gap between aspirations and capability is often lost in the report through a stream of descriptions of what PLA writings say the Chinese military could or might want to do to U.S. networks. By contrast, Desmond Ball of Australia National University argues that “China’s cyber-warfare authorities must despair at the breadth and depth of modern digital information and communications systems and technical expertise available to their adversaries.”

Second, and again the authors make this point, Occupying the Information High Ground is not a net assesment. It makes no effort to “detail possible countermeasures and network defense capabilities that the U.S. military and government may employ that could successfully detect or repel the types of operations described.” Or as one senior DoD official told Reuters, “We’re cognizant of those capabilities, of course, and are working on ways to add to the tools we already have to respond to them if necessary.” We should remember that the United States is not standing still—as Deputy Secretary of Defense Ashton Carter said at the RSA conference last week, “No moment in all those [budget] deliberations was it even considered to make cuts in our cyber expenditures. . . ships, planes, ground forces, lots of other things on the cutting room floor; not cyber.”

Third, as most of the writings cited in the report demonstrate, we know a lot more about Chinese thinking at the tactical level and much less about how the central leadership understands the political or strategic implications of a cyberattack on U.S. interests, especially one on critical infrastructure. The report notes that “the decision to move beyond strictly military targets for network attack operations would likely be made at the highest levels of China’s military and political leadership because of the recognized dangers of escalation that such a move presents.” How certain can leaders on either side of the Pacific be that it is possible to limit network attacks to “strictly military targets”? If the strategic is always a possibility in the tactical, then we need better insight into what central leaders in Zhongnanhai understand about and expect from cyber operations.

Finally, shadowing the report is the question of what the U.S. policy response should be. The report does not spend much time discussing cyber espionage threats (which was covered more expansively in the previous report, Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation), but it does suggest that continuous exfiltration of data from U.S. government networks exacerbates military instability:

To the extent that the PLA and civilian intelligence organizations have been carrying out long term CNE [computer network exploitation] against U.S. networks without retribution or hard evidence of public attribution, Chinese leadership may be emboldened toward greater risk-taking for preemptive network-based attacks or penetrations, potentially increasing the dangers of miscalculation and unintended second and third order effects that lead the United States to escalate the crisis or respond in ways that PLA leaders may not have anticipated.

As I argue in my recent Foreign Affairs article, Chinese Computer Games, raising the costs and calling the perpetrators out is part of a strategy that will include bilateral and multilateral discussions on rules of the road for cyber, capacity-building, deterrence through denial, and possibly trade or other sanctions. Even using all these policy tools, it is going to take a long time; Chinese-based cyberattacks will not disappear anytime soon.

When people warn of growing cyber insecurity they are often referring to the threat of an arms race, countries trying to outdo each other in the development of offensive weapons and defensive technologies. This is certainly a real risk, but the greater threat to Asian regional stability may not be from technology, but the spread of an organizational framework.

Keio professor Motohiro Tsuchiya has written a commentary (h/t David Wolf) suggesting that Japan needs to establish a cyber militia in order to defend itself from attacks. Offense will always have the upper hand over defense, Tsuchiya argues, so the government will always struggle to keep up. The majority of expertise is in the private sector, and government salaries will never be competitive enough to attract and retain the talent needed. What can Japan do but appeal to patriotism? “Success hinges on whether the government can secure patriotic geeks.”

There has been similar discussion in India. In November 2011, Information Technology Minister Kapil Sibal called for a community of ethical hackers to help defend Indian networks since “the resource pool of them is very limited in the world.” India has also reportedly been considering using patriotic hackers for offensive operations. The Times of India reported a high level meeting in August 2010—chaired by National Security Adviser Shiv Shankar Menon and attended by the director of Intelligence Bureau as well as senior officials of the telecom department and IT ministry—that considered recruiting and providing legal protection to hackers who would be used to attack the computers of hostile nations. During a visit that October, several security experts in Delhi told me that NTRO officials were soliciting hackers on websites and electronic bulletin boards.

China, of course, is widely suspected of using patriotic hackers and cyber militias for defense and offense. According to the Financial Times, Nanhao Group, a web company outside of Beijing, has departments tasked for attacks and defense, and this Chinese report mentions cyber militias in Tianjin’s Hexi District. Recent intelligence leaks and private security reports about cyber espionage suggest that the Chinese government backs or directs the majority of espionage attacks on Western and Japanese technology companies, with hackers clocking in and out between 9am and 5pm Chinese time.

The talent concern is real, but addressing the problem through cyber militias would be profoundly destabilizing for the region. Militia members may one day walk out the door and not only use their skill and knowledge against other states without authorization, but may also turn them back on home networks. Military planners would also have to worry, especially during a crisis, that militias might ignore orders or target off-limit networks, increasing the risk of escalation and decreasing ability to signal intent to the adversary.

The plausible deniability of patriotic hackers is one of their biggest selling points; states can claim they know nothing about attacks and can do little to stop them. Technological changes that make attribution easier, or other forms of intelligence that have the same impact, would do a great deal to make cyber militias less attractive to policymakers. In the short term, if regional leaders are not going to fight the urge to mobilize their own militias, they at least need to ensure that they know who they should be talking to on the other side if a crisis breaks out and they must be able establish clear lines of communication. In the longer term, ASEAN or other regional groupings would be wise to promote a norm of state responsibility for cyberattacks emanating from within a country’s borders. As the Atlantic Council’s Jason Healey argues, developing this norm will involve state-to-state negotiations and capacity building as well as diplomatic, economic, intelligence, and, possibly, military responses.

Patriotic geeks might be the answer to a lot of policy challenges. But in terms of cybersecurity, it may be best to either bring them completely into the fold, or keep them at arms length.

Two recent studies of national cyber power have placed China near the bottom of the table. China is number 13 on the EUI-Booz Allen Hamilton Cyber Power Index, behind Argentina, Mexico, and Brazil but better off than Russia, Turkey, South Africa, and India (the United Kingdom, United States, and Australia are the top three). The Brussels-based Security & Defence Agenda groups China with Italy, Russia, and Poland in the fifth tier (the U.S. and the UK are in the third tier, below Finland, Sweden, and Israel; the top group is empty).

These are very subjective studies based on interviews, surveys, and vague metrics. Still, they cut against the grain of popular perceptions. If you were just paying attention to the almost weekly reporting in the Western press about alleged Chinese cyber espionage, you could be forgiven for thinking that China ruled the cyber waves. Yet recent writings in the Chinese press have more of a “China is vulnerable” flavor and suggest that analysts, if not characterizing the country’s cyber strategy as weak, think there is a great deal of work that remains to be done.

The work ahead is both defensive and offensive, technical and strategic. Zhang Yongfu, a professor at the PLA’s Information Engineering University, told the PLA Daily that the “cybersecurity situation” was in its early stages.  As with every other country, deciding which bureaucracies should be involved in defense and coordinating among them is difficult; cyber management, in Zhang’s words, is fragmented and ineffective.  Since a cyber event could develop over hours if not minutes, policymakers must seriously wonder if the People’s Liberation Army, Ministry of Public Security, Ministry of State Security, and Ministry of Industry and Information Technology can successfully coordinate their roles during a crisis.

Chinese analysts are also grasping with the conundrum that if you wait until you see a problem in your networks, it may already be too late. The Pentagon’s Strategy for Operating in Cyberspace says it will employ “active defense”— “synchronized, real-time capability to discover, detect, analyze, and mitigate threats and vulnerabilities.” Former Deputy Secretary of Defense William Lynn III compared this to combining a sentry and a sharpshooter. This article on China National Defense News also uses the concept of active defense (积极防御), involving a reliance on cyber reconnaissance and surveillance as well as the realization that defense must be conducted at “all times and all places”, which could be read to mean “defense” in other countries’ networks.

As with most articles about cyberspace, there is a fear that China could lose control over information “nodes and infrastructure” and outside powers could distribute rumors that mislead the public. The growing dependence of the military on networks is a new vulnerability as other powers are preparing to sabotage network command, control, communications, and intelligence systems. Technology is a big concern in all of these articles: the United States has it, China does not. There are also discussions about how the PLA and others can attract and retain hacking talent.

What to make of these assessments? Someone is bound to find a quote from Sun Tzu (Here’s an easy one: “All warfare is based on deception; when we are able to attack, we must seem unable”) and suggest that these articles are meant to confuse, mislead, and lull the United States into a false sense of security. Maybe these articles are primarily focused on domestic audiences, signaling to the Chinese public that the leadership is not standing still while the United States develops a cyber strategy, or perhaps to various domestic institutions and actors that they need to get on board with the emerging strategy.

Perhaps the simplest explanation is that Chinese policymakers fear that they really are at the bottom of the table. Despite outside perceptions of the coherence and efficacy of Chinese cyber strategy, Chinese analysts are feeling increasingly vulnerable in cyberspace.

This week the China-watching twitterverse was surprised to discover that Hu Xijin, the editor of the Global Times, was now tweeting. That the editor of the Global Times, an “angry government mouthpiece”  that supports China’s policy of Internet censorship, was accessing a site blocked in China raised a few eyebrows and provoked several people to ask what VPN (a Virtual Private Network) he was using to evade the controls. Somewhat defensively, Hu responded to a characterization of him by The Wall Street Journal‘s ChinaRealTime blog as a “staunch defender of China’s need to censor” by tweeting that he supported the gradual lifting of controls and believed “speech freedom is inevitable in China.”

A very long discussion in the December 2011 issue of Foreign Affairs Review, the journal of the Foreign Affairs University, provides some context for what Hu’s tweeting might be about. The article, entitled “Global Politics in the Web 2.0 Era” is a discussion about how communication technologies are changing politics. The cases cited are the usual ones—the protests after the Iranian elections, the Arab Spring, SMS being used to organize protests against Philippine President Joseph Estrada, the Obama campaign’s use of Facebook and other social media—and political dynamics described are also now well known—web 2.0 empowers the individual to spread information, flattens hierarchies, and lowers the cost of mobilizing groups. Democratization and the growth of civil society are trends difficult to control, and as a result China must have a strategy for bringing about gradual change.

Online expression by Chinese netizens, according to the article, can be “immature, aggressive, or empty.” But if China can develop an effective legal system and internal controls, resolve complaints from society, urge people to contribute policy suggestions and better understand national conditions, and strengthen the capacity of the state and the Party, then web 2.0 technology should be viewed “at least [as] an opportunity that outweighs the challenges.”

There is a foreign policy component of the strategy as well. China must defend its Internet sovereignty. It must raise cybersecurity. It must be on guard against a Wikileak-style strategic crisis. It has to be vigilant against malicious rumors and outside interference. China must oppose America’s Internet Freedom agenda, but it also must do more than be reactive. The Chinese government must develop a diplomacy 2.0. The United States and Europe are already using microblogs like Sina Weibo to spread their message within China. During bilateral exchanges, diplomatic negotiations, and international conferences, Chinese officials should use Facebook, Twitter, and YouTube to spread their policy views. Use of social media will be an important part of building soft power.

Two years ago the Beijing-based techology analyst Bill Bishop argued that it would be hard for China to build soft power successfully without a global Internet strategy: hard to win hearts and minds when you censor Twitter and Facebook, language would be a barrier, and no major Chinese Internet firms would succeed in foreign markets. This seems right, but perhaps the Chinese have lowered their sights. The goal may be to stay safely in the Chinese Internet (and ensure the safety of the Chinese Internet from the outside) while only occasionally dipping in and out of the Internet in the West. At this point it is hard to tell if Hu Xijin thinks he can actively engage outside of China. As Tom Lasseter notes, right now Hu is only following one account on Twitter: The Global Times.

There has been a great deal of thinking and writing about why deterrence is difficult in cyberspace. Attacks can be masked, or routed through another country’s networks. Even if you know for sure the attack came from a computer in country X, you cannot be sure the government was behind it. All of this creates the attribution problem: It is hard to deter if you cannot punish, and you cannot punish without knowing who is behind an attack. Moreover, much of the cyber activity is espionage and it is hard to imagine a government threatening military action for the theft of data.

China Defense Daily lays out some of the reasons why Chinese experts think deterrence is hard, or to be more specific, why the U.S. military will have difficulty achieving its deterrence aims. First, though, the article addresses all the “advantages” the United States brings to the table: resources (10 of the world’s 13 root servers are in the United States); technology (operating systems, databases, processors, microchips, network switching, and other core technology are all “in the hands of American companies”); power (there is a large gap between the U.S. and others in the development of weapons, investment, the training of talent, and the scale of armed forces).

Despite these strengths, the article see the U.S. as being unable to secure its networks. The announcement of the Defense Department’s Strategy for Operating in Cyberspace, in the Chinese view, encouraged other countries to develop their own offensive capabilities. Attribution is hard, and providing proof of who is behind an attack that would convince others is still extremely difficult. Detection and monitoring capabilities in cyberspace are underdeveloped so it is a real question whether the U.S. military can detect, provide warning of, and deter an attack before it happens. Finally, if the United States decides to retaliate through offensive cyberattacks, it can have no certainty about the outcomes. The impacts on networks are often limited and can be quickly recovered from.

U.S. intelligence officials are going to AP and The Wall Street Journal and telling them they have identified the specific Chinese groups behind attacks on Google, RSA, and other companies is an attempt to diminish Chinese confidence that they can remain hidden and, thus, strengthen deterrence. Going further down the hall of mirrors, it may be that the purpose of the article in China Defense Daily is to undermine these U.S. efforts. Can Washington believe that it has achieved a credible deterrent if the potential adversary keeps saying it is not possible?

What deterrence is in cyberspace and how it is achieved is exactly the type of discussion the United States needs to be having with China. This article’s use of deterrence (威慑, wei she) is reflective of the Chinese definition, which can be more expansive and normative than the American use, encompassing threat or menace. As far as I can tell, cybersecurity discussions have only (officially) been happening once a year at the U.S.-China Strategic and Economic Dialogue. Cyberspaces is of course a strategic and economic issue, so it makes sense to have a whole of government approach. Still, given the distance between Washington and Beijing, and the speed at which the issue is developing, the Pentagon and the PLA should be speaking as frequently and in as many fora as possible.

The body of North Korean leader Kim Jong-il lies in state at the Kumsusan Memorial Palace in Pyongyang. (KCNA/Courtesy Reuters)

If there were one word to describe Asia in 2011, it would likely be tremors—not only the physical ones that devastated Japan, but also the political ones that reverberated throughout the region shaking India, China, and Thailand, waking up Burma, and further unsettling North Korea.

1.  So Long Earthlings

After a stroke in 2008 and years of poor health, Kim Jung-il was not long for this world. Yet few anticipated that the Dear Leader’s 17-year ruinous reign would end in December 2011 due to the “great mental and physical strain caused by his uninterrupted field guidance tour” while sitting on a train. With his platform shoes, puffy hair, and love of film, he was an easy target for others’ mockery (see Greetings, earthlings, a classic cover from The Economist). Yet he consistently managed to outmaneuver Washington, Beijing, Tokyo, and Seoul—testing nuclear devices, launching missiles, and demanding food and energy aid—all the while impoverishing his country. It is too early to predict whether Kim Jung-un, Kim Jong-il’s inexperienced and untested son and heir, will do anything differently—the rest of the world and the North Korean people, in particular, can only hope.

 2.  Wukan, Wenzhou, and Dalian

People protesting in China should no longer provoke surprise. After all, the country reportedly lodged 180,000 mass demonstrations in 2010 alone. Yet in 2011, three protests, in particular, reminded us of just how varied and challenging these demonstrations can be for Beijing. In July, the crash of a high speed train in Wenzhou in southern China led to a virtual protest on China’s Internet. As the government appeared to try to bury the evidence, cell phone pictures, texts, and tweets made any attempt at a government cover-up futile, embarrassing Beijing and forcing a more transparent investigation of the incident. The following month saw a middle-class march in the prosperous northern city of Dalian over inadequate safeguards at a local Paraxlyene factory. With protestors numbering somewhere between 12,000 (the official number) and 70,000, the government capitulated quickly, agreeing to shut down and relocate the factory. Nothing seems to frighten officials more than a peaceful but committed group of middle-class protestors…except perhaps a radicalized group of rural demonstrators. In December, the small village of Wukan caught the world’s attention as the residents took control of the village, calling for an end to illegal land sales and rigged elections, and an investigation into the suspicious death of one of their leaders. After a week-long standoff, provincial officials negotiated a settlement granting the villagers all their demands. The 2011 take-away for the Chinese people may well be: protest and ye shall receive.

3.  Waking the Middle Class

For much of the year, Anna Hazare held the Indian media and people captive as he pushed Delhi to create an independent anti-corruption agency. Throughout the summer, tens of thousands of Indians joined Hazare’s anti-corruption protests in Delhi, Mumbai, Hyderabad, Bangalore, and elsewhere, upending one of the commonly accepted precepts of Indian politics: the middle class is uninterested in and alienated from political life. After badly mismanaging the protests, briefly arresting Hazare, and detaining over 1,000 of Hazare’s supporters, the government conceded to his demand to create an oversight agency or Lokpal. Hazare has criticized the resulting legislation as too weak, while critics of Hazare argue that the last thing India needs is another massive bureaucracy. No matter the specific outcome of the bill, one thing is certain: Indian politicians can no longer afford to ignore the middle class.

4.  Coming in from the Cold

For pure political drama in 2011, nothing can top Burmese President Thein Sein’s surprising spate of political proposals. He released hundreds of political prisoners, halted construction of the unpopular Chinese-backed Myitsone Dam, initiated political reconciliation with jailed opposition leader and Nobel Peace Prize winner Aung San Suu Kyi, and opened the door to diplomatic discussions with U.S. Secretary of State Clinton. The President has promised more to come in 2012; let’s hope he continues to deliver.

5.  The Hard Landing that Wasn’t…Yet

The second half of 2011 was marked by increasing scrutiny of the Chinese economy, as observers looked for signs that a tipping point had been reached. The bears looked to inflation in wages and food prices, a growing property bubble, local government debt, as well as wasteful central government investment, low consumption, and falling exports. Others were more sanguine about the Chinese leadership’s ability to manage their economy, arguing that the long-term fundamentals were strong even if the country had to endure short-term bumps along the way. Expect the debate to continue through 2012.

 6.  The Pivot

The talk of the summer in Asia was all about “the Pivot.” A growing sense of concern over assertive Chinese rhetoric and naval activities provoked a number of Asian countries to seek deeper engagement with the United States. As America’s involvement in Iraq and Afghanistan wound down, President Obama and his Asia team moved quickly to capitalize on the opportunity to strengthen traditional Asian alliances and forge new ones. In just a few short months, the U.S. achieved a significant upgrade in military relations with Australia, advanced a regional free trade agreement, the Trans-Pacific Partnership (TPP), joined the East Asia Summit, and even engaged in a diplomatic dance with Burma. Pivoting will likely turn out to be the easy part; staying the course as U.S. fiscal pressures increase and making real progress on regional trade and security issues will be the true measure of America’s commitment.

7.  The Return of the Shinawatras

Last July, Thailand’s poor and lower classes elected the country’s first female prime minister Yingluck Shinawatra, sister of ousted premier Thaksin Shinawatra—an election our colleague Josh Kurlantzick has called perhaps “the most important in the country’s history.” Yingluck has already received criticism for her handling of Thailand’s worst flooding in five decades, but her greatest challenge likely will come next year when her brother Thaksin may return to the country. Deposed in a coup in 2006 and later convicted of corruption, Thaksin remains a politically polarizing figure, intensely disliked by many in the country’s bureaucratic and military elite. How Yingluck manages her brother’s return is not merely a question of smoothing politically roiled waters, but also of her own political fate.

8.  Cyber Crime Takes Center Stage

As the list of cyberattack victims continued to grow in 2011—RSA, Lockheed Martin, Northrop Grumman, Sony, the IMF, and the U.S. Chamber of Commerce, among others—cybersecurity expert Dmitri Alperovitch quipped that there were two types of companies: “those that know they’ve been compromised and those that don’t yet know.” Most of the attacks were directed at intellectual property and industrial secrets. While the Obama administration has been reluctant to assign blame, Michigan Representative Mike Rogers and the Office of the National Counterintelligence Executive recently outed Beijing as a major source of the cyber espionage. The question for 2012: if China doesn’t heed this now public criticism, what else is the United States prepared to do?

9.  Ai Weiwei

Beijing’s detention of the artist/activist Ai Weiwei last spring produced a public outcry that refused to die. Ai, whose artwork and political activism have long annoyed Chinese officials, was arrested in April on the grounds of “economic crimes” (later described as a failure to pay taxes). He was released in late June following a worldwide Internet campaign protesting his arrest. In November, Beijing levied a $2.4 million tax bill on Ai. Chinese citizens rose to his defense contributing $1.3 million to help pay the bill—some sending the money via the Internet while others floated bills over Ai’s gated house. The final outcome of Ai’s judicial misadventure remains to be seen. However, as a matter of morality, the Chinese people have already turned a travesty into a triumph.

10.  Japan: A Spring of Devastation

Japan confronted an almost unimaginable set of disasters last March: a 9.0 earthquake—the most powerful in Japan’s history—a tsunami, and a nuclear meltdown. In the face of such horror, several “Japans” quickly emerged: a bureaucratic elite that appeared confused and, in the final analysis, prone to cover-up; the courageous self-defense forces that responded without hesitation to the crisis; and a public that was a model of generosity and self-sacrifice. More than nine months on, the disaster continues to haunt the country with questions remaining as to the success of the clean-up effort, the safety of the country’s food products, the future of its nuclear industry, and the capacity of its government to manage these and other challenges. Still, Japan has weathered worse, and we’ll bet on the fundamental resilience of the Japanese people to ensure their country emerges only stronger for the tragedy that they have endured.

Fort Meade, Maryland, which is home to U.S. Cyber Command. (Courtesy National Security Agency)

Chinese analysts and officials like to point out that it was the United States that first set up Cyber Command and thus, in their view, militarized cyberspace. Yet Chinese military thinkers are clearly thinking about what type of organizations and institutions they will need to conduct offensive cyber operations and to defend their own networks against attacks. An interesting piece in China Defense Daily lays out some of the characteristics necessary for “a highly effective command system for cyber war mobilization.”

• Military and civilian networks are interconnected, and the resources needed for cyber war permeate society; military units, social organizations, and even individuals “will all possibly become combat forces during a cyber war.”

• Given this diffusion of resources, there is a need for a cyber war mobilization command system with a “vertical command hierarchy” that reaches into all of society.

• Each of the branches of the military should have its own command division, manage necessary resources, cultivate forces, and organize training and drills. Once a war breaks out, there needs to be a “coordinated strategic level” command structure that mobilizes resources and launches combat operations.

• There must be specialized troops within industrial sectors, with especially strong ties to the information industries.

• Need to enlarge specialized cyber troops, recruiting computer network experts. The PLA should also reach out to all segments of society and create cyber reserves and people’s militias.

• Offense and defense in cyber war have distinct characteristics, and they change frequently. Offensive technologies include computer viruses, EMP bombs, microwave bombs, and computer and microchip backdoors.  For defense, there are network scanners, network wiretapping devices, password breaking devices, electromagnetic detectors and firewalls, and anti-virus software.

• Because the technological requirements of these weapons are very high, there must be extensive R&D programs into new offensive weapons as well as the defensive and offensive capabilities of the potential adversary.

This is a very “whole of society” approach, one which seems to fundamentally grasp that power in cyberspace is multi-faceted and spread throughout society. And while we assume that Chinese policymakers can simply mobilize these social forces to bolster state power, is that actually the case?  And if it is true now, might that change?

These types of articles (and perhaps blog posts like this one?) can be expected to feed into the growing security dilemma between the United States and China. Chinese analysts see Cyber Command and Cyber Storm exercises as directed against them. Though the tone of the article is exploratory—and the author, Huang Chunping, appears to be an aerospace and nuclear expert, not a cyber specialist—the take-home for many readers will be that all Chinese citizens are potential cyber warriors. Dampening a security dilemma is not easy.  Dialogue and confidence-building measures can help, but these are only at the preliminary stages right now. Hopefully they will pick up in 2012, otherwise the lack of trust between Washington and Beijing looks only to grow.

(p.s.—I am now worsening the security dilemma on twitter Follow @adschina)