By Craig Robinson
Over the past two weeks, we’ve all heard many different opinions on the Google-China dispute. It seems everyone who’s anyone has sounded off on the political implications of Google’s announcement to stop censoring search engine content. Amid all the soapbox shrill, too many are forgetting about the incidents leading up to Google’s decision and the serious downstream questions about national security these incidents raise.
In the U.S. today, our most vulnerable data is housed in the private sector. While mandates like SOX, HIPAA and PCI helped create standards within certain industries, few global infosecurity standards and regulations govern how sensitive enterprise data is transferred and stored. In the absence of comprehensive guidelines, business and IT leaders are left to their own devices when it comes to implementing effective cyber security policy, strategy, and technology. While the current extent of the breaches is debatable, the implications of major breaches and security incidents at some of the country’s most progressive technology companies—Google, Yahoo!, and Adobe—where policy, strategy and technology are thought to be top-notch, are huge. Preparation for potential actions like those attributed to China recently is a necessity for businesses. Our adversaries are paying attention, and next time the stakes may be much higher than access to search engine content.
The Policy Perspective
Playing by host country rules is a business decision. Leaders must understand the risk management aspects of conducting international business—a crucial component of which is to explicitly consider threats to the business operations. This consideration is especially important when a company is conducting business outside of its country of origin.
By American standards, China has a longstanding, adversarial stance on freedom of speech that “telegraphed” (in advance) their potentially drastic actions while investigating human rights activists. China’s actions can be considered a form of cyberwarfare. Official US sources (including the Congressional Research Service) have reported that China has openly discussed cyberwarfare capabilities. Such capabilities are applicable to civilian and military targets, especially as evidenced by China.
Any company, including Google, can choose to enter a market if its lawful business interests and activities drive such a decision. However, companies must also understand the potential direct threats (e.g., from cyberattacks) and indirect threats (e.g., adverse public opinion) that may result from such business operations. Google is an international giant. If a behemoth with global influence can suffer from direct attacks, other businesses must take note and address their policies accordingly.
The Strategy Perspective
Strategy provides the top-level framework for implementing policy. If companies are to enter an environment with potential state-sponsored cyberwarfare threats, they must develop, in advance, their business strategy. The “tit for tat” adjustment (by Google) of access controls may have been implemented in accordance with a preplanned strategy. However, China likely has a capability to escalate cyberwarfare to an extent that Google may not fully appreciate. In either case, China certainly has the capability to make business operations untenable for companies refusing to “play by the local rules.”
Business strategy must account for likely contingencies, like this, that threaten policy objectives. In the Google example, pre-planned strategy could have included establishing (in advance) lines of communication within the Chinese government to allow for cooperative resolution of disputes. Suspending or ceasing business operations in China, if no agreement is reached, could be a strategy of last resort. Jousting with the Chinese government in cyberspace is an approach that even Google found problematic.
The Technical Perspective
Businesses, regardless of the geographic extent of their operations, must implement the technical measures necessary to reasonably assure their operations are in accordance with their strategies. From a practical perspective, it is extremely difficult for any corporate business infrastructure to withstand a cyberattack conducted or supported by a “cyber superpower.” Even outside of the cyber realm, China has proven itself capable of shutting down the basic network connectivity, and other infrastructure, that allows a business to operate within its territory. These realizations provide the clearest proof points for the necessity of sound policy and strategy that align with technical realities.
For more on this topic, check out this recent article by Jim Lakely in InfoTech & Telecom News.
