New Delhi, Feb 18: Failure of tech companies to publicly attribute cyber attacks to China weakens deterrence, leaves the public under informed and reduces pressure on governments to tackle the threat, a new report has said.
The Australian Strategic Policy Institute, in the report, criticised US cybersecurity company Palo Alto Networks Inc. for not publicly attributing the cyber campaign to China, adding that it was due to concerns about potential retaliation against the firm or its clients.
It noted that technology firms avoid naming China due to commercial concerns including market access and fears of retaliation. It contrasted the approaches of two US firms, namely Google and Palo Alto, where one issued a generic alert about a global espionage campaign and another publicly identified China as the leading source of cyber threats.
Google’s Threat Intelligence Group publicly commented that China leads cyber threat campaigns by volume, including operations targeting defence suppliers and next-generation technologies such as drones and uncrewed systems, the firm noted.
“Without a patriotic partnership between Western governments and industry, both players will continue treating their relationships with China as too big to fail, forcing them to tolerate security threats for fear of financial insecurity,” it said.
“But prudence and diplomacy cannot mean authoritarian states — in this case China — can do whatever they like while we suffer in resigned silence,” the report said.
Government should partner with industry to reduce incentives for silence and reward firms that demonstrate transparency and support evidence‑based attribution. The reward can be “through accumulation of both reputational capital and exclusive access to markets,” it suggested.
The think tank also cited an example saying, the three AUKUS nations can make a public policy that companies setting up operations in China will not be allowed to be involved in Pillar Two’s advanced-capabilities work.
“Governments should work with industry to scrutinise supply chains for political exposure,” it said, adding that “naming malicious state activity is not escalation but clarification.”
Such public flagging informs citizens, shapes diplomatic signalling and constrains plausible deniability, it noted.
—IANS