Don't Let Your Children Grow Up to Be Cowboys
The firing of the Bob Maley, State of Pennsylvania’s CISO, allegedly because he spoke at RSA about an exploit that he and his team discovered, tracked and remedied, is chilling. There may have been other issues behind the firing, there always are (we call it politics), but it illustrates the extent to which cyber security reality is bumping into the naiveté of non-technical business management.

In this instance, the threat was past tense and what the team learned in the process was invaluable not only to the group in Pennsylvania, but to those who participated in the session at RSA. Security professionals today come up against a barrage of information from auditing or performance reports and logs that track everything that passes in and out of the firewall. Sorting out significant activity form normal traffic is an art form in and of itself--more computer séance than computer science.

Transparently Not in Pennsylvania
The case in point that Bob Maley shared was about an exploit in the Pennsylvania Drivers Licensing System. He and his team noticed the registration system for the exams was getting thousands of hits coming out of Russia. They real story was how they solved the puzzle and determined it was not state secrets the hacker was after, but a place at the head of the class. The owner of a Philadelphia driving school was using a proxy server to exploit a bug in the system which allowed him to schedule exams for his students. Normally, the waiting time to take an exam could be six weeks.

Security Breaches Raise Security Awareness
In my book, Bob Maley is more of an IT hero than a scapegoat. He has been out after dark and is not a newbie when it comes to dealing with the criminals or dealing with the press (not that the two professions have anything in common with each other). He is a former police officer and he has also been the cover story in SC Magazine about how he responded to a data breach in 2007 that compromised half a million state records. His first hand reporting of what a breach looks like and how to go about solving it with the cooperation of local authorities is not only relevant; but also, it raises the awareness of everyone about how easily data can be manipulated and misused. Nothing teaches security awareness better than a security breach.

So what went wrong with Bob Maley’s career? If he did not get clearance to speak at RSA, that is his own fault. However, I find it hard to believe someone with police training would not understand chain of command. I wouldn’t be surprised to find out that the problem had more to do with someone in a position of authority not understanding what a proxy server was, or how sinister the nature of cyber crime has become. We need to raise the level of awareness of cyber crime, not sweep it under the rug. It is a sorry state of affairs when those who lead successful security programs are viewed a paranoid control freaks, business roadblocks or public relations liabilities.

An IT Tells All Audio Book
If Bob Maley is taking a break between jobs, I hope he hooks up with a good writer and makes a bestseller out of the State of Pennsylvania fiasco. I would suggest the same thing to Terry Childs, the former network manager of San Francisco, who was still in jail awaiting trial, last I heard. His crime was
to withhold the network administrative password from someone with a nitwit's understanding of network operational security.

Google vs. China: China Already Won

Who is greater than Google? China is. Why would a multi-national corporation like Google not adapt to the laws and social mores of a country within whose borders it operates? It is a question worth asking, as we await the outcome of the Google/China negotiations over what Google calls censorship. China does not consider this a battle over censorship. They consider this a war of independence for their nation and their national interests. In certain respects, the Chinese are having a Tea Party moment.

More than just Censorship
The history of Americans abroad is littered with stories that demonstrate our naiveté and the cultural blunders caused by blind allegiance to the American way. We all had to read The Ugly American at some point in our education , which poignantly drives home the picture of the image of Americans behaving badly in southeast Asia.

So if Google wants to accuse China of censorship, that may make everyone on this continent feel better, but it is not the same argument that China is making. China is motivated by its own sense of nationhood. It wants to solidify the business advantage that home grown search engines, like Baidu, have in China. One of the most important facts underlying the Google China standoff is the economic reality that Google only has 30% of the search engine market in China. If Google is not growing that %, then it is losing ground and it is only a matter of time before Google loses its foothold in Chinese commerce altogether.

Frontal attack on Intellectual Property
Google is in a delicate position in China, because its own employees apparently collaborated with the other side. Chinese hackers may have been aided in their deep penetration of 30 + American based businesses, especially those companies who dominate the technology marketplace, by employees and former employees of Google.

Furthermore, Google is in the unenviable position of having to accuse the Chinese government of attacks on its intellectual property. IMHO, Google is hanging in with the negotiations with China, but is probably willing to return to China’s censorship rules, if they get some concessions from the Chinese government about the cyber attacks. Google would like to see China taking action against the cyber-attackers, or cracking down on the military efforts of the Chinese government to support those hackers.

Intellectual property is an American concept
I am not taking sides, I am observing the forces at work. Google’s core philosophy is that its search engine should be the online interface to online resources. China, on the other hand, may be manifesting the philosophy that searching is an invaluable tool, a means to an end-- not the exclusive property of one corporation. Search engines are about making the world library of information available to all. And why shouldn't Chinese information searchs benefit those who live and work in China? Those of you who have lived abroad may have observed that what American based software publishers call “software piracy” is a not viewed as a crime. The concept of intellectual property is a cultural disconnect, at least in China. It doesn’t translate well into the nation state mentality of many cultures that operate in other parts of the world. I see Google’s posturing in China as Custer’s Last Stand. American business, under the guise of Google is about to get a lesson in cultural relativity.

Google--Benign Dictator or Maverick?

There are many in my circle who are quick to point out that Google is headed for world domination and that would not be a good thing. My logical brain accepts this as fact. But I must confess, who wouldn’t have a soft spot in their heart for Google, upon reading they have set up a web application for Chileans to ask for and receive information about their loved ones who are lost or missing as a result of the 8.8 earthquake? And I do respect Google for staying mostly on the high road in response to the efforts of China-based hackers to grab information on Chinese dissidents.

Taking the High Road

As I go down this road of thinking that Google governance is consistently that of a world citizen, I have to remind myself that not only some of my friends, but the rest of the world does not see Google that way. Google’s economic dominance of the online search advertising business (over 70% of the market for search advertising) has become synonymous with American financial interests. Countries like Iran and China want to own the revenues from the search engine business within their borders and see Google’s reach as American colonialism of the first order. And the role of American financial firms in destabilizing governments in other countries by selling them hokey financial services products only adds fuel to the fire of the anti-American business sentiment.

Google Goodie Two Shoes

So where does my admiration of Google come from? I must admit to a certain amount of Schadenfreude that Microsoft is currently on the losing end of anything. However, I think it comes from my respect for the fact that Google is writing their own game plan. If any modern organization has demonstrated a sense of collective corporate ethics, you could make the case for Google. Witness their recent protestations that Microsoft is the proxy funding the anti-trust law suits against Google at home and abroad. To me it is quixotic that Google would call out a competitor like Microsoft for using legal shenanigans to make trouble for Googleopoly. However, in the war for public opinion, it might make a difference to claim that Microsoft is cheating, and it re-enforces the Google brand as an Honest Abe.

Taking the Law Road

The trouble with benign dictators is that they tend to believe their own propaganda. World opinion is fickle, but law suits and the rulings of the European Union are all about money. I hope Google proves me wrong about its being a benevolent dictator and takes a page from the Microsoft handbook. They need to get legal, go on the offensive and get their hands dirty in court. Apple, Microsoft, SONY and even XEROX are getting into the patent litigation game. This first spate of law suits could well be the beginning of the end of Google’s dominance.

No doubt about it, Google is an original and comes up with some surprisingly un-corporate moves. What’s not to like about a Maverick? But it is time for Google to beware. Mavericks tend to get cut off from herd when the wolves attack. Unfortunately for Google, the wolves are at the door. There is a battle brewing, not just in America, but around the world for economic stability. To all my friends who fear the Googleopoly, I say “Relax.” To paraphrase Mark Twain, “ I have seen a lot of trouble in my life, but most of it never happened.”