Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.
Kenneth F. Belva

The Google / China Hack: What you won’t read elsewhere

Google may leave China after a major hack. That’s the headline.  Yahoo! even joined in denouncing the attack. Google and the mainstream media give the impression that the compromise is the reason Google will leave. It seems unlikely to me: the hack is the straw that may break the camel’s back, but it’s not sole reason.

In late October of 2009, I was invited to South Korea to speak on information security. In my conversations with the conference participants, I learned that intellectual property (IP) is not given the same considerations in Asia as in the US and Europe. Employees of companies are constantly leaking data to other companies and it’s difficult to change the mindset. In addition, at least in South Korea, there are less infosec laws and companies are not regulated as they are in America (SOX) and Europe (see Telecom legislation here).

The lack of regulation and the difference in mindset create an environment that lends itself to compromise. As such, this is most likely not the first compromise or exposure for Google (or most other US businesses) that operate in China. Stepping away from information security for a moment, we can see this mindset in other fields of business. Consider consumer goods such as watches, clothing and handbags. According to Wikipedia, “Most counterfeit goods are produced in China, making it the counterfeit capital of the world.” Why should the mindset be different for intellectual property, especially property in an electronic format?

3 Comments

  1. Kenneth F. Belva Jan 14, 2010 at 11:33 am | Permalink

    A quick addendum: although this post was written and published before it came to light that it appears that the Chinese Government is behind the attacks, this fact does not change the general point about the mindset to IP.

    See: http://arstechnica.com/security/news/2010/01/researchers-identify-command-servers-behind-google-attack.ars

  2. NoticeBored Jan 17, 2010 at 2:15 pm | Permalink

    So what’s the connection you’re trying to make? Has Google actually lost its IP in China, or did some Google exec get caught with a fake Gucci handbag?

    We all know there is a problem with counterfeiting and IP theft in China and indeed other countries in the region. I just don’t see how you made the conceptual leap from what Google has disclosed about their displeasure with the Chinese to this.

    Seems to me the US is overtly paranoid about China and uses every available opportunity to have a crack at the Chinese (is this xenophobia US Govt sponsored I wonder?). The good ol US of A should get its own house in order too: piracy and industrial espionare are still rife in the West.

  3. Kenneth F. Belva Jan 18, 2010 at 9:26 am | Permalink

    China’s cultural mindset creates an environment where IP — whether for physical goods or electronic goods — is not as respected as it is here in the US or in Europe. Of course there will be some IP theft in the US/Europe: frankly it’s not possible to do business without some kind of IP loss at some point in time. The difference is that: 1) it’s not sanctioned (at times) by the Government; and 2) it’s not as widespread as in China (and hence systemic).

    What’s not being reported elsewhere is the cultural dimension. The Google hack will often be referred to as a one-time incident instead of a reflection of something deeper. Security professionals should ask themselves how could I protect the corporate assets under a much more hostile setting than what we see in the US and in Europe.

    It seems to me that this is why Google decided to step forward now: they (and the rest of the US companies in China) want such cultural reforms.

Post a Comment

Your email is never published nor shared. Required fields are marked *

*
*