At the 9th Singapore International Cyber Week (SICW), themed "Trust and Security in the Digital Era," Wang Lei, the Coordinator for Cyber and Digital Affairs from the Chinese Ministry of Foreign Affairs (MOFA), delivered a notably distinctive speech.
Within the MOFA structure, the Cyber and Digital Affairs Coordinator role falls under the Department of Arms Control and manages the Cyber and Digital Affairs Office. Though the rank is not particularly high—somewhere between a division director and a deputy director-general—it plays a crucial role in shaping China's "cyber diplomacy" and in formulating China's policies and positions on global cyberspace governance at the working level. In international multilateral negotiations, Wang's counterpart is Christopher Painter, the U.S. State Department's Coordinator for Cyber Affairs.
Wang leads the Cyber and the Digital Affairs Office under MOFA. The office was established in June 2013 under the Department of Arms Control, tasked with overseeing "diplomatic activities related to cyber affairs," engaging in "constructive dialogue and cooperation on cybersecurity issues," and "formulating relevant international rules within the UN framework." It is also a very important player in making China’s stance in bilateral and global AI dialogues. Since cyberspace is not a traditional area of expertise for MOFA, the role of Cyber and Digital Affairs Coordinator requires someone knowledgeable about the technology and well-versed in diplomacy. Wang is precisely such an official.
As a former diplomat with MOFA, I am very familiar with the style of speeches delivered within this system. Often, they are just repetitions of talking points, filled with ornate language but lacking substantial information. However, Wang's speech stood out for its strong personal style, and in my view, it articulated China's stance and concerns on cybersecurity more systematically than any previous Chinese government documents, diplomatic rhetoric, or spokesperson statements.
Wang raised three critical questions: 1) Are we still operating within the same international system? 2) Are we all following the same set of rules? 3) Should we secure the digital supply chain in an open or closed market? Each of these questions directly pointed to the core issues in the current global debate on cyberspace governance.
Below is the non-official translation of Wang’s speech:
Keynote speech by Mr Wang Lei, the Coordinator for Cyber and Digital Affairs at the Ministry of Foreign Affairs, at the high-level forum of the Singapore International Cyber Week
Good morning, everyone.
First of all, I would like to express my sincere thanks to the Singapore government for the invitation. I’m very pleased to participate once again in Singapore International Cyber Week.
The theme of this forum is "Advancing Rules, Norms, and Standards in Cyberspace: The Way Forward." Given the complex and volatile nature of cyberspace today, this theme is indeed timely.
As a new wave of technological revolution characterized by digitalization, networking, and intelligence accelerates, cyberspace and the real world are increasingly interconnected. Geopolitical conflicts and cyber confrontations are becoming intertwined, making risks in the cyber domain more complex and diverse. This has posed challenges to maintaining the existing rules-based system in cyberspace and brought greater uncertainty to the advancement of cyber rules.
We are at a critical crossroads. As we decide the way forward, we first need to answer three key questions that will determine the future of international cybersecurity rules.
The first question: Are we still in the same international system?
Cybersecurity is a global issue that requires a global solution. However, some countries, driven by geopolitical motives, are abandoning true multilateralism, fragmenting the international system, and choosing confrontational, small-group approaches to address global challenges.
Take the issue of ransomware, for example. The threat of ransomware groups has been increasing in recent years, becoming a common challenge for all countries. Yet, in 2021, some countries launched the so-called "Counter Ransomware Initiative," deliberately excluding key nations like China. Interestingly, U.S. officials have recently hyped up allegations of a so-called "Volt Typhoon" hacker group, claiming it attacked critical infrastructure in Guam. But according to reports from China's National Computer Virus Emergency Response Center, this group is actually an international ransomware organization. U.S. intelligence agencies and cybersecurity firms are colluding to spread false information about "Volt Typhoon" to secure more funding from Congress and government contracts by falsely accusing China.
Another example is submarine cable security. During this year’s UN General Assembly, a few countries, along with their allies, issued a joint statement on the security of undersea cables, attempting to extend the unjust suppression of Chinese 5G companies to broader digital infrastructure. We understand this is primarily a political statement, and not all countries involved have lost confidence in Chinese tech products. However, it’s worth noting that the countries initiating this statement dominate the global submarine cable market and are the only ones proven to have conducted long-term surveillance of international undersea cable data. Ironically, the country advocating for a "Clean Network" is itself the biggest threat to global cyber and data security.
Fragmented supply chains and these exclusionary tactics could ultimately lead to deeper global divisions. So, as we consider the future of global cyber rules, we must first address the fundamental question: "Are we still in the same international system?" Different answers will lead to vastly different paths.
The second question: Are we playing by the same set of rules?
After years of effort, the UN has finally reached a consensus on the "Framework for Responsible State Behavior," which is the most significant outcome of the UN cybersecurity process and the only universally accepted international rule for cyberspace.
But soon after this consensus was reached, we regrettably saw some countries blatantly violate these commitments, publicly declaring that critical infrastructure in other countries can be legitimate targets for cyberattacks under certain conditions. Considering the country making this claim has the largest and most advanced cyber-military capabilities, combined with its aggressive offensive cyber strategies, this undoubtedly puts global critical infrastructure at immense risk.
For China, this risk has already become a proven threat. According to reports from Chinese cybersecurity agencies and companies, U.S. government-linked hacker groups, such as APT-C-39 and APT-C-40, have been conducting long-term cyber activities against global critical infrastructure, including in China.
Critical infrastructure security is a shared concern for all. Whether it’s China, Europe, Singapore, the U.S., or other nations, the development of the digital economy and societal reliance on critical infrastructure security have become universal. Acknowledging this vulnerability is key to forming a common set of rules and maintaining peace and stability in cyberspace, particularly among major powers. No country should expect to unilaterally define the rules based on its strength. China is willing to engage in dialogue with all parties, including the U.S., on the basis of equality and mutual respect, to reach a consensus on common rules and security boundaries.
The third question: Should we secure the digital supply chain in an open or closed market?
Recently, the Lebanon pager explosion shocked and alarmed the world. Although many technical details are still under investigation, this kind of attack, which links cyberspace with physical harm, has shattered the boundary between the two and raised significant concerns about the security of the digital supply chain.
This event reminds us of past incidents in the region. The "Stuxnet" case years ago was a classic example of using cyberspace to cause physical damage. Among the countries involved in the "Stuxnet" operation, it’s hard to tell who was the teacher and who was the student. But it seems some countries are now busy trying to convince the world that we need a so-called "clean" digital supply chain.
Another example is the issue of the 5G supply chain. For years, certain countries have been tirelessly spreading fear about 5G supply chain security, pressuring others to exclude Chinese companies' products and services. Yet, after all these years, we still haven’t seen any credible evidence from these countries to support their claims.
Is it possible that these countries are so eager to exclude Chinese companies because they fear that China’s presence limits their ability to "pre-set risks" through a monopoly over the supply chain? The global impact of the recent Microsoft Blue Screen incident caused widespread disruption and damage. Many experts believe that if it had been an intentional cyberattack, the impact could have been even worse. We all need to consider the responsibility that major digital companies bear in ensuring global cybersecurity.
When we connect these seemingly isolated incidents, countries actively or passively participating in dividing and closing off the supply chain should reassess their own security and seriously consider whether we should secure the digital supply chain in a more open market.
For these three key questions, I’m sure everyone has their own thoughts. Today, I’m not here to sell you a "correct" answer. But collectively, our answers will undoubtedly shape the future of cyber rules.
Colleagues and friends,
The recent Third Plenary Session of the 20th CPC Central Committee reaffirmed that Chinese modernization is a path of peaceful development, which defines the basic logic and strategic intent of China’s foreign policy. Based on this, China’s answers to the three questions above are clear, firm, and consistent.
First, we will work to uphold and strengthen the existing international system. China will steadfastly support a multipolar world with equal order and inclusive globalization, and actively participate in the reform and construction of global cyber and digital governance systems.
Second, we will resolutely safeguard and strengthen common international rules. No country’s security should be built on the insecurity of others. Protecting critical infrastructure requires that all countries jointly establish and adhere to the same international rules.
Third, China is committed to safeguarding the security and reliability of the global supply chain in an open, fair, and non-discriminatory market. National security requires clear boundaries, especially in the economic domain. As a responsible major power, with an advanced digital industrial base and a good track record as a supplier, we are ready to offer a more open, secure, and reliable choice for the world’s cyber and digital supply chain.
Thank you!
Great to see Chinese officials calling out the West for their hypocrisy. They get away with hypocrisy because the mainstream media has become a mouthpiece for Western security agencies. Please, more unconventional speeches! Time to point out that the emperor has no clothes on.