CHINA WATCHIf We Can’t Name China’s Cyberattacks, We Lose Trust in Ourselves
In the space of just a few days, two big US tech companies took different approaches to China’s cyberattacks. Palo Alto Networks generically referred to a global cyber espionage operation by unnamed actors while Google specifically named China as the globe’s leading cyber security threat. That inconsistency hurts everyone but China.
In the space of just a few days, two big US tech companies took different approaches to China’s cyberattacks. Palo Alto Networks generically referred to a global cyber espionage operation by unnamed actors while Google specifically named China as the globe’s leading cyber security threat.
That inconsistency hurts everyone but China.
A refusal to name and shame China incentivizes Beijing to carry on, leaves our public underinformed, and places little pressure on governments to tackle the problem.
The West won Cold War competition against the Soviet Union through the combined power of government policy and private sector innovation. Today, China has taken the upper hand because we do not have that same alignment.
It is true that the defense industry never relied on Moscow’s money the way tech companies rely on China’s now. But we need industry to find its national interest, not just its financial one.
Without a patriotic partnership between Western governments and industry, both sectors will continue treating their relationships with China as too big to fail, forcing them to tolerate security threats for fear of financial insecurity.
Reporting suggests that Palo Alto’s decision not to publicly attribute the cyber campaign to China was due to concerns about potential retaliation against the firm or its clients.
Meanwhile, Google’s Threat Intelligence Group publicly assessed that China conducts more cyber threat campaigns by volume than any other country, including operations targeting defense suppliers and next-generation technologies such as drones and uncrewed systems.
The contrast is instructive. One firm reportedly avoided specific attribution due to geopolitical risk. The other named the actor and placed the activity within a broader strategic pattern.
This is not a morality play. Big tech companies operate globally, face regulatory exposure and owe duties to shareholders and clients. Attribution is in the public interest.
Prudence is of course legitimate. Market access, staff safety and client protection matter, particularly in jurisdictions willing to weaponize regulation. Such due diligence is akin to governments being diplomatic. But prudence and diplomacy cannot mean authoritarian states—in this case China—can do whatever they like while we suffer in resigned silence.
And hypocrisy is to be avoided. All nations spy. But it is China that has fused its public, private, civil and military sectors and continues to steal intellectual property and secrets for commercial gain.
