Introduction In recent years Western pundits and politicians have played up the specter of a new digital divide, between opposing democratic and authoritarian information orders, by at times even labeled an Internet cold war 2.0. The term digital divide originally explained unequal access to the Internet and digital information resources inside and between countries (Norris 2001). The new digital divide was not about unequal access to the Internet and digital information resources. It was political in nature due to different conceptions of liberties, freedom of expression, and how information flows should be governed nationally and internationally. Most notably, former US Secretary of State, Hillary Clinton, in her by now well-known talk in Washington DC on January 21, 2010, emphasized that an “information curtain” had descended between free and closed nations of the world (Clinton 2010). Clinton, invoked and echoed Winston Churchill’s famous words on the iron curtain that came to divide Europe for more than fifty years when she in Washington DC said: “an information curtain now separates the free from the unfree.” Two years later, the International Telecommunication Union’s (ITU) World Conference on International Communications (WCIT-12) meeting, which negotiated a revision to the 1988 international telecommunications regulations (ITR), broke down on vague wordings on Internet governance in the final resolution on December 14, 2012. Subsequently, The Economist magazine ran the headline “A digital cold war?” (Dubai 2012). However, the leaks by Edward Snowden in June 2013 radically changed the nature of the debate on Internet freedom and Internet security, although black-and-white dichotomies between the “free world” and the “unfree world” remain remarkably persistent, even after Snowden, a former employee with a contractor of the National Security Agency of the United States, revealed the enormous extent of surveillance and monitoring of individual citizens worldwide and in the USA. As statements by US congressmen about Chinese spyware infiltrating the mobile phones of Hong Kong activists illustrate, hypocrisy and myth making about “good” and “evil” surveillance is very much alive (Farrell and Finnemore 2013). Internet governance issues, however, are not black-and-white uncomplicated issues on either side of

the imagined cyber curtain separating the free from the unfree (cf. Stalla-Bourdin et al. 2014). Russia, China and Iran are autocratic but not totalitarian countries. They showcase complex authoritarian-capitalist settings, which in the cases of Russia and Iran entail constrained but, nevertheless, electoral politics. Unlike totalitarian North Korea, these countries are not isolated from the rest of the world, but are deeply involved in social and economic globalization. And in China, interestingly, the state cannot fully trust private commercial companies to fully comply with the party-state’s intent to censor and monitor citizens’ communication over social networks. The remainder of this chapter discusses Swedish and Chinese cyber-security strategy, focusing on threat perceptions, cyber-security methods and organization. Why compare Sweden and China? The main reason is that while both have relatively advanced information societies and cyber-security measures, they represent on the one hand a parliamentary democracy, and on the other an autocratic political system. While many other democracies and autocracies could have been chosen, Sweden and China are particularly interesting given their difference in size and position in the global system. Also, while the USA is a leading cyber power, and thus in a sense a major geopolitical counterpart of China, we are not here analyzing the balance of cyber power, but are mainly interested in differences and similarities between democracy and autocracy concerning cyber security. And while US cyber-security policies have been extensively discussed elsewhere (Mueller and Kuehn 2013; Dunn Cavelty 2008), there is hardly any studies on Swedish cyber security (for exceptions, see Eriksson 2001a, 2001b, 2004). Moreover, our particular expertise on Swedish and Chinese cyber politics is a pragmatic reason for studying these rather than any other countries. It should also be made clear that we conceive of cyber security in a broad sense. Cyber security, as we understand it, includes defensive measures against cyber attacks such as firewalls and CERT (Computer Emergency Response Team) functions, offensive measures such as computer hacking and denial of service attacks, and cyber surveillance and cyber espionage (Andreasson 2012; Dunn Cavelty 2008).