Cyberwar: culture of silence

KNOCK, KNOCK: According to US intelligence, China is the country 'most aggressively seeking to penetrate the computer systems of American businesses'.
SIMON LETCH/Fairfax Australia

American companies are at war, but don't ask them why. They won't tell. They're besieged not by one another, but by hackers who target their intellectual property and confidential information.

Just how deep this cyberwar goes is largely unknown to all but the companies being targeted.

That's because they are staying silent in an effort to not aggravate the countries in which they are being hacked.

China is the site of the most cyber-aggression, and in many instances, the biggest opportunity for many businesses. Companies are turning the other cheek in an attempt to turn another check.

If the companies are not talking, how do we know it's happening?

Because the US government has noticed.

On Tuesday, The New York Times ran a piece highlighting the link between anti-US cyberattacks and the Chinese military.

In the Washington Post last week, word leaked that the United States has put out a National Intelligence Estimate that "identifies China as the country most aggressively seeking to penetrate the computer systems of American businesses and institutions to gain access to data that could be used for economic gain."

This is the front in the US cyberwar that it's not winning.

We know the US does fine when it comes to its sovereign cyber-warfare, waged on a state-to-state platform.

Take Stuxnet - the US/Israel initiative to destroy Iranian nuclear centrifuges through a complex cyberattack (not to mention an odd follow-up that purportedly blasted AC/DC's Thunderstruck at odd hours).

But when it comes to corporate sabotage and espionage, the United States is far less experienced than China.

Blame free-market capitalism: The US government does not intervene on the private sector's behalf to obtain information that would benefit the economy.

China, however, is far more adept at this because of its use of state capitalism (a system in which the state uses markets to create wealth that can consolidate its hold on power).

Yes, Obama announced some cyber-security proposals in his State of the Union address.

But any broad initiative to combat corporate cyber-espionage will have to come from corporate entities themselves.

So why haven't we heard about such efforts? Swaths of companies are getting hit, as the leaked elements of the National Intelligence Estimate imply, but they fear losing business from the world's second-largest economy and its largest trader (in terms of value of goods and services sold).

We've seen at least one company push back against China's repressive policies in the past: Google famously moved its Chinese searches to a Hong Kong URL so it could avoid Chinese Web censorship.

But Microsoft saw Google's exit as an opportunity. Referring directly to Google's decision to leave, Microsoft's chief research and strategy officer proclaimed, "Microsoft is committed to stay".

Google has paid a price: Its share of search in China is down from about a third to somewhere around 5 percent, lagging far behind its Chinese competitor, Baidu, which controls the majority. Baidu, of course, has close ties to the Chinese government.

The New York Times took a stand too. After publishing a piece on then-Prime Minister Wen Jiabao's secret wealth in October, the Times was bombarded by cyberattacks. Instead of keeping quiet, it retaliated by reporting on the attacks themselves. The Washington Post and the Wall Street Journal spoke out in a similar fashion.

The business models of Google and these publications revolve around freedom of information. For other businesses, the cons often vastly outweigh the pros.

That might help explain why Coke said nothing after it was hacked in 2009. After Coke tried to buy a Chinese juice company for US$2.4 billion, hackers took internal documents about the deal, which, as Bloomberg writes, "would have been the largest foreign takeover of a Chinese company at the time." (The story also claims that several other companies, including Chesapeake Energy, have been hacked but have said nothing.)

While it was well after the fact, Coke did admit to the hackings once the story broke in late 2012, but it tried to minimise the importance of the breach.

That late admission is still much better than the approaches of many other companies.

If anyone is able to take on China and bring about change, it would be an industry leader willing to make clear that it will not do business with a regime determined to undermine it.

But there's another concern: Not only does Coca-Cola fear lost business, it fears competitors might step in to fill the gap.

The best way to combat cyberattacks would be for dominant multinationals to coordinate with their closest competitors to draw attention to the problem and apply some pressure.

If Coca-Cola and PepsiCo were to wage a mutual initiative, we would see far more progress.

The same would go for Boeing and Airbus - or any other hegemon that teamed up with its closest competitor(s) - if they could collaborate on a united front.

If the companies themselves don't want to go out on a limb, they could get industry associations to do it for them.

For the pressure to be truly successful, it will need to be a concerted, coordinated effort among the companies getting hacked.

With their backing, the Obama administration can remind the private sector that even though they may not agree on domestic issues, on international trade and fairness they're well aligned.

In October, Secretary of Defense Leon Panetta claimed that a future cyberattack on critical US infrastructure could cause a "cyber Pearl Harbor".

On top of the potential for a catastrophic blockbuster event, attacks on American companies are already being waged every minute of every day. It's time for those companies to collaborate and pool their influence.

Ian Bremmer is the president of Eurasia Group, the leading global political risk research and consulting firm.