As China looks to change global security order, ASEAN countries should pay particular attention to norms around cybersecurity.
Editor's Note: The following article is part of a USIP project, "Tracking China's Global Security Initiative." The opinions expressed in this essay are solely those of the author and do not represent USIP, or any organization or government.
China’s Global Security Initiative (GSI) marks a new phase in Beijing’s ongoing push to change the international security order. Through the GSI, China seeks to establish itself as a counterbalance to U.S. influence and to reshape security management in a number of strategically important regions. The GSI is still in the early stages of implementation, but it has already demonstrated the potential to disrupt the existing security framework in Southeast Asia. This may lead to increased polarization within the Association of Southeast Asian Nations (ASEAN), with some member states aligning with the GSI and others remaining cautious due to their stronger affiliations with the United States.
What Does China Hope to Accomplish with the GSI?
When Chinese leader Xi Jinping announced the GSI in 2022, it was described as a comprehensive framework for addressing global security challenges that centered on six principles, including an emphasis on shared responsibility, sovereignty and peaceful dispute resolution.
The GSI’s primary goals, according to Beijing, include maintaining global security, enhancing coordination among regional organizations and addressing diverse challenges — from traditional conflicts to climate change to cybersecurity.
China’s motivation for the GSI is influenced by heightened threat perceptions in its neighborhood, driven by events like Russia’s 2022 invasion of Ukraine. China seeks regional stability through nonmilitary means, aligning with its economic statecraft and diplomatic strategies, including the Belt and Road Initiative.
The GSI In Southeast Asia
There is ongoing debate surrounding the implications of the GSI for ASEAN, with several potential impacts that demand careful consideration and analysis.
For example, the GSI may foster increased security cooperation between China and ASEAN member states. This cooperation could challenge the long-standing U.S.-led security order in the region, as the GSI promotes norms and principles — such as sovereignty, noninterference and win-win cooperation — that diverge from those embedded in the U.S.-led security order, which emphasizes collective security and the rule of law.
Despite these efforts, unresolved territorial disputes — specifically China’s claims in the South China Sea — have sparked skepticism in some Southeast Asian nations about China’s increasing political influence in the region.
As the situation in the South China Sea becomes increasingly militarized, the concern among Southeast Asian nations is that China could use the GSI as a justification for its actions there, citing principles of sovereignty and noninterference to legitimize its activities. This could complicate not just the South China Sea dispute but set a precedent for other ongoing territorial disputes in the region, as China argues that its actions are necessary to safeguard its sovereignty and maritime interests.
China’s Vision for Global Data Security
The GSI concept paper also proposes to “build more international platforms for exchange and cooperation on addressing security challenges,” including on cybersecurity. The concept paper specifically states that China should increase international cooperation in the field of information security, formulating global rules on digital governance, and strengthening global governance systems for cyberspace.
Many of these goals for cybersecurity reflect those previously described in China’s Global Data Security Initiative (GDSI), which was launched in September 2020. The GDSI laid out a vision to establish international norms and standards for data security and promote cooperation between nations, particularly with China, in the field of information and communication technologies (ICT).
At the forefront of the GDSI’s eight key aims is securing global supply chains. The GDSI principles oppose ICT activities that could harm critical infrastructure or engage in data theft. They also propose taking decisive action against personal data infringements, including advocating against mass surveillance of other countries. GDSI encourages companies to comply with host countries’ laws, respecting the sovereignty of data. Additionally, these points assert that law enforcement access to overseas data should be completed through judicial assistance and other legal channels.
The initiative's roots can be traced to China's own data security legislation, which has been criticized by some for its strictness and implications for civil liberties. The legislation grants extensive powers to the Chinese government in data collection and regulation, raising concerns about potential misuse, particularly in suppressing dissenting voices and political opposition within China.
The GDSI has elicited varied responses, creating a divided landscape where some nations express support, while others harbor deep concerns about China's underlying intentions. Under the GDSI framework, participating nations may be required to disclose detailed information about their data security practices, raising concerns about granting China access to sensitive information, and potentially compromising data privacy and security on a regional or perhaps global scale.
Additionally, the GDSI provision granting China veto power over international agreements related to data security has raised concerns about the potential for China’s disproportionate influence on the global data governance landscape, potentially altering the existing international order in this crucial domain.
While the GDSI offers potential advantages, such as enhancing global data security and fostering universally accepted data security standards, it thus also presents significant risks. These include concerns about China's potential exploitation of the initiative for strategic advantage, misuse to suppress dissent and criticism, and the initiative’s role in giving China disproportionate influence in the realm of global data management.
How China’s Data Security Could Undermine ASEAN
If the GDSI is understood as an important dimension of the GSI, it suggests that Beijing may be exploring the establishment of a cyber cooperation initiative with Southeast Asia, akin to existing collaborations with the League of Arab States and Central Asia.
While collaborating with China through the GDSI could deepen cooperation between China and ASEAN in the ever-more important cyber realm, it also poses a number of potential security challenges. For one, it may increase the potential for cybersecurity threats from China in the region. Chinese hackers have been targeting government and private sector organizations in ASEAN countries, raising concerns about cybersecurity threats emanating from China.
In addition, heightened data sharing between ASEAN and China potentially increases vulnerability to data breaches and outside cyberattacks. Moreover, the establishment of data security cooperation mechanisms could be influenced by Chinese norms, which may not align with global best practices — certainly, they are distinct from those that currently shape cyberspace.
All in all, China's growing global influence through initiatives like the GSI and the GDSI has various implications for ASEAN. The GSI offers cooperation opportunities but may disrupt regional security and escalate territorial conflicts.
Given the high-level provenance of GSI and Beijing’s continuing efforts to promote it as an increasingly important centerpiece of its diplomatic engagement, ASEAN countries should expect China to encourage their commitment to participate in a range of GSI-related agreements and activities, including in the area of cybersecurity. Prudent foreign policy choices are essential for managing the complexities involved in these engagements and safeguarding national interests in the evolving global geopolitical landscape.
Thy Try is a researcher from Cambodia.