Three recent news stories caught my eye this morning and all three have to do with the same issue: use of the cyber world for less-than constructive purposes. Two are very similar, one is a bit farther afield. The common thread is that all are instructive and collectively a “wake-up call” for American business.
First, the “farther afield” story. MSNBC reported yesterday that the North Koreans have a super secret “cyberwar college” that trains students in cyber warfare, (“Secrets surface about North Korea’s cyber war college,” 11 May 2011, Matt Liebowitz.)
Coursework takes five years to complete and the school reportedly trains up to 120 students a year in one of five areas of instruction: electronic engineering, command automation, programming, technical reconnaissance and computer science. The school has been in existence for 15 years… That’s right – 15 years!
It’s notable that a country unable to feed its citizenry has invested such significant resources into developing skill sets to employ a full range of cyber activities developed solely to achieve an equally wide range of nefarious and destructive ends. Think theft of intellectual capital. Think of your IT system being co-opted and part of a botnet under someone else’s control. Think of your business banking, accounting and financial records being manipulated or destroyed and in a worse-case – think of a Stuxnet like attack that wreaks havoc on your company’s operations. In the months it would take a skilled forensic IT team to unravel the damage, your business would be long dead. Sound far-fetched? Well, it shouldn’t.
Nation states, terrorist groups, organized criminals and malicious hackers actively scan and attack U.S. businesses and U.S. government networks thousands of times each day. These same nation states invest considerable capital into protecting their own collective cyber assets. Sadly, in the U.S. we don’t approach things that way. Here, it’s every company for itself and unfortunately, very few – if any – are up to the challenge. Hardly a week goes by when we don’t hear of a successful hacker attack on a large bank, credit card company or other major corporate player. Just two weeks ago, it was Sony’s PlayStation Network.
Deliberate misuse of the web is an even more insidious issue
The other two stories underscore a similarly dire threat to all U.S. businesses – and one that cuts straight to what we at P2R Associates do for a living. This one concerns your company’s reputation.
Both China, and our very own Facebook, along with Facebook’s public relations firm, Burson-Marsteller, have been very active in using social media to manipulate their audiences with disinformation – i.e., to hide the truth. (“China’s web spin doctors spread Beijing’s message,” AFP, 12 May 2011, Pascale Trouillaud; “Facebook red-faced after PR attack on Google,” AFP, 12 May 2011, Chris Lefkow; “Facebook Busted in Clumsy Smear on Google,” The Daily Beast, 12 May 2011, Dan Lyons.)
The aging autocrats in China have long engaged in industrial espionage, intellectual property theft and every other sort of underhanded activity imaginable, so it’s not surprising to learn that they have employed “legions” of “web commentators” who are paid to spread politically-correct arguments and propaganda through online forums, chat rooms and other means in order to promote the party line.
We all know China’s reputation concerning intellectual property, industrial and state-espionage, currency manipulation and similar unfair / illegal practices. Unfortunately, such bad cyber-behavior comes as no surprise from that quarter. It’s wrong. It’s deceptive. It propagates a lie. Ironically, it displays the ignorance of Chinese leaders for the entire world to see – including China’s own citizens, many of whom I suspect aren’t fooled.
In Facebook/Burson-Marsteller’s case, it’s a whole, ‘nother, disgusting little story – and the more it unfolds, the more disgusting it becomes.
Let’s consider: in this case, a major American company – Facebook (which should have known better) – initiated a campaign to deliberately deceive the public about a rival. What’s even more despicable is that a major public relations firm – Burson-Marsteller – knowingly took on the assignment, even though Facebook insisted its name be withheld as Burson’s client!
Even more remarkably, the CEO of Burston-Marsteller, Mark Penn, has admitted that lack of transparency violated their own policy, “Whatever the rationale, this was not at all standard operating procedure and is against our policies, and the assignment on those terms should have been declined.”
So let’s be real clear: a powerful public relations firm took on an assignment to knowingly smear the rival of its client. The plot only came to light when a blogger whom Burson-Marsteller approached, refused to run the story when Burson would not reveal the client.
Since I’m on a role here – and this is a blog – I will say that Burson-Marsteller needs to immediately “stand-down” and address its serious ethical breach. A company-wide “in-service training” starting with a review of the Public Relations Society of America’s Code of Ethics should be today’s order of business. A few tidbits from the Preamble should start things rolling (Bold emphasis added):
We serve the public interest by acting as responsible advocates for those we represent. We provide a voice in the marketplace of ideas, facts, and viewpoints to aid informed public debate.
We adhere to the highest standards of accuracy and truth in advancing the interests of those we represent and in communicating with the public.
We acquire and responsibly use specialized knowledge and experience. We advance the profession through continued professional development, research, and education. We build mutual understanding, credibility, and relationships among a wide array of institutions and audiences.
We provide objective counsel to those we represent. We are accountable for our actions.
We are faithful to those we represent, while honoring our obligation to serve the public interest.
We deal fairly with clients, employers, competitors, peers, vendors, the media, and the general public. We respect all opinions and support the right of free expression.
A thorough review would be for starters.
I will add that as a career-long communications professional, business-owner, near 30-year Navy Reserve public affairs officer and former Defense Information School staff member – such an ethical lapse by any practitioner is in my mind unpardonable.
Bottom line wake-up call for business
Here’s my promised wake-up call:
First; no matter how large or small – all businesses are at risk. Hackers are a very real threat and American businesses are ripe targets. The potential damage of a coordinated assault on our economy would be devastating and second only to the damage it would do to individual businesses. It behooves all businesses to employ skilled IT professionals who can maintain strong defenses and a robust data recovery program.
Second; regardless of size, no business can neglect social media and media monitoring. However simple it might be, every business should maintain an online presence and monitor its name. The latter will allow a business to quickly detect a smear, while the former provides the means to instantly correct or counter it.
Remember – had a single blogger not blown the whistle on Facebook and Burson-Marsteller, their smear campaign might have worked very well and Google would have spent considerable resources transitioning from reaction to successful correction. Few businesses have Google’s resources or technical savvy and a single, determined person could cause similar havoc to virtually any business.
Final wake-up call: if you have a business, first – you need to have a web presence. No longer just a nicety or marketing support effort – these days, it is your lifeline to your customers, suppliers, partners – and markets around the world. Moreover, it is your first line of defense in the event of any kind of attack or disinformation smear.
No matter how small – businesses of all size cannot neglect having a “social media strategy.” It must be part of your company’s communication plan – no matter how small your company or how tiny a role web-based activity might play.
Like having a safe place to ride out a hurricane – your business needs a strong defensive position on which to fall WHEN a web-centric attack occurs. Notice I said “WHEN” and not “if.”