by Russell on February 1, 2010
Taboos are willful ignorance, socially-enforced. They are so not New School. We have to deal with them, but we don’t have to be happy about it.
The public display of taboo is one of the more interesting aspects of Operation Aurora, a.k.a. the Google-China affair (summary and analysis is here, more details here.). It’s unfolding almost like a like a Greek tragedy.
Act 1 in the play was Google’s strategic decision to go public and recruit other breached companies to join them (without success). Google went public anyway, violating the InfoSec disclosure taboo, and also the taboo against corporations speaking out against China.
Act 2 was the public and institutional reaction to Google’s announcement, the political posturing between US and China, and even the tempest of chatter in the InfoSec community about “Advanced Persistent Threats“ (or “Advanced Persistent Adversaries“, a term I prefer).
Act 3 is now under way at that great annual public meeting of Big Thinkers, the World Economic Forum in Davos, Switzerland. While they discussed almost every other topic and idea, they avoided the Operation Aurora as if it was the Great Family Shame, as highlighted here:
“BusinessWeek reports that the cyber attack on Google was the elephant-in-the-room at the annual meeting of world leaders in Davos. ‘China didn’t want to discuss Google,’ Josef Ackermann, CEO of Deutsche Bank AG and a co-chair of this year’s World Economic Forum, said in an interview. China’s Vice Premier Li Keqiang made that clear, he added. Even Google CEO Eric Schmidt didn’t bring up China, and Bill Gates was mum on the topic in an interview. The reluctance of companies to talk about China illustrates the pressure on them to protect their business in the country, while the U.S. government doesn’t want to upset Chinese investors, said Andy Mok of Red Pagoda Concepts LLC. ‘People have their commercial interests,’ explained Deutsche Bank’s Ackermann.” [emphasis added]
While the Operation Aurora taboo is rooted in international politics, similar taboos exist within both the public and private sectors and no international politics are involved. While we must deal productively with these taboos, we also can’t let them block meaningful progress toward the goal of data-driven information security and collective learning.