Skip to main content

China-Russia Cybersecurity Cooperation: Working Towards Cyber-Sovereignty

June 21, 2016


Yuxi Wei

Feature Series

Cybersecurity Initiative Highlights

Since 2014, closer ties between China and Russia have attracted speculation about whether the relationship will continue to deepen into an alliance. The 2015 Sino-Russian cybersecurity deal seemed to mark further Sino-Russian cooperation another arena—cyberspace. The pact has two key features: mutual assurance on non-aggression in cyberspace and language advocating cyber-sovereignty.

If this pact is merely treated as a “non-aggression” pact, then Sino-Russian cybersecurity cooperation has a similar pattern to their overall relationship, which appears to be intimate but is actually problematic. However, looking past the non-aggression elements of the pact illuminates the key element of the agreement—China and Russia’s pronounced support for the concept of “cyber-sovereignty.” The support for cyber-sovereignty echoes the centerpiece of Sino-Russian cooperation in the general terms—a challenge to US dominance in the international system.


Since the Russian Federation’s annexation of Crimea in 2014, Sino-Russian relations have grown closer. For instance, energy cooperation between China and Russia advanced and a 30-year gasoline deal was finally signed. Additionally, the announcement of the contract for the S-400 Triumph missile defense system and the transfer of Su-35 combat aircraft in 2015 marked a continuation of Russia’s arms sales to China, which had previously been halted for nearly 10 years.

However, there is a lack of substance to Sino-Russian cooperation. The final price over the gas deal has remained a disputed issue and since oil prices have continued to plunge, China has been reluctant make the expected prepayment. Furthermore, although Russia has agreed to sell the S-400 air defense system to China—its most advanced air defense system—and China has made an advance payment, it is still unknown which type will be delivered, and whether Russia will actually deliver. According to an interview made by Russian News Agency TASS in March with Rostec CEO Sergei Chemezov, as China has made advance payment, the defense system would be delivered in the first quarter of 2017; but in June, during the interview with Sputnik, Chemezov indicated that China will not receive S-400s earlier than 2018. As a result, instead of making substantial progress to bring their partnership to the next level, Russia and China are more likely working to appear cooperative as a signal to challenge the US defined world order.

A similar pattern can also be observed in the realm of cybersecurity. Russia and China made a bilateral cybersecurity deal in May 2015, described by some media as a “nonaggression pact.” While the frame of the pact was largely borrowed from their previous agreement under the Shanghai Cooperation Organization, the effectiveness of implementing their “pledge not to hack each other” remains questioned.

The Limits of Sino-Russian Cybersecurity Cooperation

According to the report published in September 2015 by Proofpoint.Inc, a U.S. based information security company, Chinese language based tools were used in a campaign targeting telecommunications and military in Russia from July-September 2015, only two months after the signing of the May 2015 cybersecurity pact. Although there is no evidence proving the attack has a direct linkage with any Chinese groups, the use of Chinese-language tools and the “command-and–control that goes back to host sites in Chinese influence areas” raises suspicions that the Chinese are the most likely actors.

In contrast, Chinese espionage activities on US have declined since the US and China signed their cybersecurity deal in September 2015. However, cyber-espionage attacks by “Chinese-speaking” groups against Russian targets have increased 300 percent from December 2015 to February 2016, as indicated by Costin Raiu, a top security expert with Kaspersky Lab, an international software security group headquartered in Moscow. Therefore, it seems that the cybersecurity pact between Russia and China has actually brought little development to ensure their safety in cyberspace.

Common Ground: Working Towards Cyber-Sovereignty

Nevertheless, cyber-espionage is not the core of Sino-Russian cybersecurity cooperation. Much like Russia and China’s combined effort to oppose a US-dominated world order, the insistence on “cyber-sovereignty” is a shared strategic interest that contrasts with the US advocacy for “cyber freedom.” The Chinese idea of cyber-sovereignty was first mentioned in 2010 in a white paper called The Internet in China and was reinforced by Chinese President Xi at the 6th BRICS summit in 2014.

It was further emphasized at the Wuzhen World Internet Conference in December 2015. China argues that “Internet sovereignty” should mean that the Internet is a reflection of physical space and, hence, also a state’s sovereign territory. Thus, according to China, the Internet should not be subjected to foreign interference, and each country should have the right to control its domestic cyberspace.

In other words, any Internet regulation, such as state control over Internet content, is justified. In order to create this norm of cyber-sovereignty, China is working fervently to establish regulatory institutions and mechanisms to strengthen cyber-governance. Moreover, in support of the idea of cyber-sovereignty, China is looking for international partners that share the same ideology. For instance, the Cyber Security Association of China (CSAC), newly created in March 2016, not only connects the government, private sector, and researchers to centralize the state power over cyberspace, but also is an institution which “for the first time can engage in international cyber diplomacy at more senior levels.” The intention of engaging in international cyber-diplomacy is exemplified by CSAC’s participation in the cybersecurity forum in Moscow in June.

Meanwhile, Russia’s concern with US control over the Internet and its own Internet governance has increased since the implementation of Western sanctions against Russia in 2014. In 2014, Kremlin spokesman Dmitry Peskov made a statement that indicated that Russia may take measures to prevent foreign interference in its Internet. His statement coincides with China’s idea of Internet sovereignty. With the consensus in Internet sovereignty, the language of protecting Internet sovereignty in cyberspace was added to the Sino-Russian cybersecurity pact as the new aspect of cooperation.

Deepening Cybersecurity Cooperation: The Information and Communication Technologies Development and Security Forum

The first Russia-China Information and Communication Technologies Development and Security Forum held in Moscow in April 2016 illustrates the deepening of Sino-Russian cyber-sovereignty cooperation. The April meeting was attended by 50 Chinese information technology experts and government officials from the CSAC, including Lu Wei, the senior executive official in charge of Chinese cybersecurity and Internet policy, and Fang Binxing, the architect of China’s Great Fire Wall. The main focus of this Sino-Russian cybersecurity forum was implementing Internet regulation and protecting cyber-sovereignty.

In February prior to the meeting, the Russian Ministry of Communication was preparing a bill on state control of the Internet traffic in Russia, with proposals to improve the infrastructure for monitoring DNS and IP addresses, to control foreign communication channels and traffic exchange points, and to oblige operators to use only the exchange points registered with the state. Following the announcement of the draft of this bill in March, the Safe Internet League, which is the largest state backed Russian organization focusing on combatting dangerous online content, published an article revealing China’s successes in building infrastructure to block malicious traffic and in solving IPv4 address exhaustion, which seemed to foreshadow the forum in April.

At the meeting, the Russian attendees echoed the concerns brought forward by Chinese delegates about US reluctance to share its sovereignty over today’s Internet, and “aggressive media propaganda,” meaning the incoming information from the West. Nationwide pre-filtering was also proposed to protect Russian digital sovereignty along with the spoken need for more Internet regulation to improve the quality of online content. As the forum was concluded, there appeared to be a call to stand against “the efforts of some nations to usurp Internet ownership.” Therefore, instead of augmenting the trust or preventing cyber-espionage between the two countries, the Sino-Russian cybersecurity cooperation a strategic move to challenge US dominance over the Internet.


Undoubtedly, bilateral ties between China and Russia have been strengthened in recent years, yet this partnership will hardly become an alliance. Rather, the Sino-Russian cooperation is “a marriage of convenience.” The closeness of China and Russia’s cybersecurity relationship is not dependent on their ties with each other, but is defined in relation to the US. Just as China and Russia advocate for multipolarity to challenge the perceived US’s unipolar world view and values, their cooperation in cyberspace demonstrates the same focus on the US. There is a concern about the US support for Internet freedom as a foreign policy priority, accompanied by the FBI and Pentagon’s insistence on the loyalty of the global, but US-based, technology companies to American interests. The fear for and the opposition to US dominance over the Internet brings China and Russia together. Their combined efforts and increased cooperation to filter the incoming foreign information illustrate their determination to reshape international politics and cybersecurity norms. 

This publication was made possible in part by a grant from Carnegie Corporation of New York. The statements made and views expressed are solely the responsibility of the author.