The Common Criteria for Information Technology Security Evaluation — Implications for China’s Policy on Information Security Standards

Dieter Ernst, and Sheri Martin

2/25/2015
(Original Publish Date: 2010)

As the recent dispute between Google and the Chinese government demonstrates, information security-related policy issues are rapidly becoming ‘hot button’ challenges for China-US relations. In the US media, much of the debate has focused on internet censorship. Equally important are economic impacts and implications for national security of a perceived increase in cyber attacks. In fact, both Chinese and US policy makers are searching for ways to improve the protection of information systems that are of strategic importance for economic growth and competitiveness, as well as national security. And the arsenal of cyber warfare keeps growing by the day. In fact, there is reason to argue that cyber warfare has the potential to morph into a new form of technical trade barriers (TTBs) and hence should be appropriately discussed within the WTO (Ernst, 2009b). A better understanding of the policy implications of information security-related conflicts requires research on the evolving policies and institutions that shape information security standards. This paper looks at an international cooperative attempt to develop a set of “Common Criteria for Information Technology Security Evaluation,” explores its strengths and weaknesses, and examines implications for China’s policy on information security standards.