Naming names in APT

Bob Bragdon says it's time to stop tiptoeing around China

Let's call a spade a spade: China is the greatest threat to international cyber­security on the planet.

I'm tired of pussyfooting around this issue the way that I, and many others in security, industry and government have been for years. We talk about the "threat from Asia," the attacks perpetrated by "a certain eastern country with a red flag," network snooping by our "friends across the Pacific." I swear, this is like reading a Harry Potter book with my daughter. "He-Who-Must-Not-Be-Named" just attacked our networks.

Let me be absolutely, crystal clear here. In this scenario, China is Voldemort. Clear enough?

Also see Byzantine Hades shows China's cyber chops

We dance around this issue because we don't want to make China mad. God forbid. This is cowardly appeasement. It's like not wanting to say anything to the schoolyard bully who steals your lunch money every day.

I understand the whole issue of economic expediency. Why aggravate China? It's a huge trading partner. But if that was a legitimate argument, wouldn't China be asking itself that same question? Why aggravate the United States? It's a huge trading partner!

I do not accept the argument. We know that if a business opens an office in China, it's going to lose whatever intellectual property it has there. We know that when we send our executives to China, the Chinese government will be pilfering their laptops and cell phones. If that wasn't the case, then why would we give our execs throwaway phones and laptops? (And if you aren't doing that, we should probably talk.) The threat is real, and it's about time we do something about it.

I was pleased to see U.S. counterintelligence chief Robert Bryant come out and finger the Chinese (and the Russians), calling their economic espionage a "national, strategic long-term threat to the United States." Better late than never. China's actions kill jobs and economic opportunity for all of us, and should not be tolerated.

Like Harry Potter, I'm not afraid of saying my enemy's name. China, Voldemort, whatever. As long as we tolerate it, the problem will only get worse. Time for us to stand up and call it what it is.

Copyright © 2011 IDG Communications, Inc.

8 pitfalls that undermine security program success