Tuesday, January 12, 2010

Google's New Approach to China - My Initial Reaction

RE:  http://googleblog.blogspot.com/2010/01/new-approach-to-china.html

I love the fact that Google publicly disclosed this incident.  I'm not going to comment on the human rights angle or the advertising angle or even the exact methods for exploitation other than to say - they are nothing more than variables in the equation.


We must acknowledge that even of the best security teams in the world are nearly irrelevant against those with time, motivation and expertise.    At this point we can only hope to detect traces of this activity and begin the investigation from there.  Given current IT environment we can not stop this but we sure as hell need to be aware these threats exists and they are being actively exploited everywhere.

What should our government do in response?  Given the expertise at Google I'm willing to take the facts as presented in their blog at face value and say they are correct in their assumptions of the aggressors in this scenario.  This isn't news on its own, we've always known that to be the case, but Google coming public with this information is amazing!  This activity should force heated discourse with our industry leaders, our government leaders, our intelligence/military leaders, etc.  We need to talk... then we need to Act.

What a platform for the new cybersecurity coordinator to stand on... If this situation doesn't give him the ears of Congress nothing will.  

My Question of the day: What is the government going to do to protect our information, our companies and our people?  It is apparent that we can not protect everything ourselves, there needs to be a real deterrent (legal, military, etc) and we need real assistance not just rhetoric.

Does it make sense yet?  We can't sit idle anymore, we must take pro-active measures to protect our company's our data and our people.  They are all being targeted for purposes you may not fully understand, but that doesn't mean you won't be compromised.  We can't solve the whole problem, but we must take a more substantive approach to Information Security.

My congratulations to Google.  I know of no other company in the world that would consider risking the largest market in the world.  Prioritizing the "right thing" over financial gain is way beyond "do no evil". 

1 comment:

Chris said...

Google did the right thing by bringing this information public. I applaud this type of transparency. I should hope that the community at large (technology and human rights based) takes a more active preventative role to minimize further incidents and censorship. Good post.