A new report highlights that tech companies’ reluctance to publicly attribute cyber attacks to China undermines deterrence efforts, leading to a lack of public awareness and reducing pressure on governments to address the threat. The Australian Strategic Policy Institute criticized Palo Alto Networks Inc., a US cybersecurity company, for refraining from attributing a cyber campaign to China, citing concerns about potential retaliation. This avoidance of naming China is often driven by worries over market access and fears of reprisals.
The report contrasts the differing approaches of US firms like Google and Palo Alto in addressing cyber threats. While one company issued a generic alert about a global espionage campaign, the other explicitly identified China as a primary source of cyber threats. Google’s Threat Intelligence Group highlighted China’s significant role in cyber threat campaigns, particularly targeting defense suppliers and advanced technologies such as drones and unmanned systems.
The report emphasizes the need for collaboration between Western governments and industry to counter security threats posed by authoritarian states like China. It advocates for a partnership that promotes transparency and evidence-based attribution, suggesting that firms demonstrating these qualities should be rewarded with enhanced market access and reputational benefits. The report also proposes measures to limit companies’ involvement in sensitive operations in China to mitigate security risks.
Governments are urged to work closely with industry to assess supply chains for potential political vulnerabilities and to openly identify malicious state activities. Such actions are viewed not as escalatory measures but as necessary clarifications that inform the public, influence diplomatic communications, and limit plausible deniability in cyber operations.
