About Scott Cleland
![]() |
|
You are hereGoogle Epitomizes Cyber Systemic Risk
Submitted by Scott Cleland on Fri, 2015-09-11 17:24
Google’s unprecedented concentration of most all Web information, services, users, publishers, advertisers and developers, in combination with Google’s extensive track record of unethical, illegal, and predatory behavior, makes Google the epitome of cyber systemic risk to many industry ecosystems substantially affected by, or dependent on, the World Wide Web. “Cyber systemic risk” is Internet-driven risk that threatens to destroy the business viability of industry ecosystems. (For more on “cyber systemic risk” see this chart on Precursor’s new website.) The purpose of this summary analysis is to help ensure that Fortune 500 companies’ enterprise risk management programs have identified, and are diligently addressing, the potential severe cyber systemic risk Google may present to their enterprise, given that Google claims 60% of Fortune 500 companies are paying clients of Google’s enterprise services; and given the evidence below that shows Google to be an exceptional cyber systemic risk hiding in plain sight. Summary of Google’s Unparalleled Cyber Systemic Risks
1. Google’s Single-Point-of-Failure Cyber Systemic Risk Google has become such a large and foundational bearing point for so much of the Web’s connections, services, production, efficiencies and benefits in the global digital economy, that Google increasingly represents a de facto single-point-of-failure, cyber systemic risk. The Internet and Internet protocol are not prone to a single-point-of-failure because the US DOD originally designed them to survive a nuclear attack. However in stark contrast, Google’s Web platform is hyper-integrated, and near-totally centralized by design, to operate as the de facto largest single computer in the world. While Google has fifteen data center locations globally, Google’s software platform is near perfectly integrated, unified, and centralized to optimize speed and efficiency, which creates a huge potential, single-point-of-failure, cyber systemic risk for any entity depending on Google for key parts of their business or operation. Few have any idea how much of the Web depends on Google. 60% of Internet devices and users exchange traffic daily with Google’s servers; >50% of websites’ traffic involves Google analytics, hosting and ads daily; and ~25% of the Internet’s daily traffic is Google, per Deepfield research. The Web learned in August of 2013 that Google is in fact a real potential, single-point-of-failure, cyber systemic risk because global Internet traffic fell by 40 percent during a five minute period when Google suffered a complete global blackout of all its services.
2. Google’s Linchpin Cyber Systemic Risk – As Most Depended Upon Global Web Platform Few realize how central Google has become to global commerce in so many ways. Even if an entity does not use or depend on Google directly themselves, indirectly they may depend on Google because their key customers, partners, suppliers, supply chain, data providers, exchanges, marketplaces, outsourced contractors, etc. may depend on Google to varying degrees that they do not appreciate – hence the “systemic” risk. Over two billion people have Google accounts which rely upon some of Google’s plethora of products and services to play their efficient part in the economy. Over a billion people use and rely on these Google services: Search, YouTube/video distribution, Maps/directories/location services, Gmail/communications, Android operating system, Chrome browser, Play app store, and a half billion active users rely on Google Translate. Consider: Google search offers a uniquely large and comprehensive information set via the world’s largest index size >100 million gigabytes that’s generated from crawling over 60 trillion unique URLs. Android users check their smart phones 125 times a day, and Google’s #1 domain name server resolvers handle >70 billion DNS address requests daily. Google claims five million organizations, including 60% of Fortune 500 companies, are paying active clients of its enterprise services. Google serves 4 million advertisers, 2 million more than any other digital advertiser. Over 2 million websites are Google display ad partners and 1.2 million websites depend on Google Maps. ~98% of the top 15 million websites globally depend on Google Analytics for their advertising livelihood. All of this commerce, connection, and economic activity depend entirely on one single hyper-integrated/unified/centralized software platform system that two years ago proved that it can fail completely without warning.
3. Google is America’s Cybersecurity Achilles Heel, Cyber Systemic Risk Overwhelming evidence indicates that Google is the weakest link in America’s cybersecurity chain. Google’s ecosystem has already been near totally compromised by Chinese hackers. Quantitatively, Google is the biggest hacker target in the world because it controls the world’s largest Internet ecosystem of people and information. Qualitatively, Google is the biggest hacker target by virtue of Google’s comprehensive and intimate profiles on over two billion people and its unique mission to "organize the world's information and make it universally accessible and useful." In addition, Security is not a high priority to Google; it is subordinate to speed, scale and first mover advantage. Google also does not believe security is Google’s responsibility, and as a result it is most prone to malware. Moreover, Google is culturally and philosophically averse to strong cybersecurity. Hence it should be no surprise that Google’s Android operating system has rapidly grown into Google’s cybersecurity weakest link.
4. Google’s track record has a proven Google untrustworthy For a company that so many blindly depend on for so much, and that is assumed to operate as a responsible corporate citizen, overwhelming evidence indicates that the current effective global blanket assumption of trust in Google is epically flawed. The evidence shows Google: fosters a culture of unaccountability; deceptively brands and misrepresents its business; evades sovereign accountability; flouts the rule of law; operates in an irresponsible unsafe manner; takes others’ intellectual property; and disrespects users’ privacy.
5. Google has unparalleled information/market power to disintermediate with impunity Google surveils more people and businesses, in more ways, for more data, than any other entity. Google is also involved in widespread wiretapping. Only Google’s commercial surveillance syndicate tracks most all users and businesses’ customers via Google Analytics at 98% the top 15 million websites; Google pays 2 million websites ~$12b yr to collect data on users’ and business customers’ behavior, interests and locations; and ~90% digital advertisers pay Google ~$60b yr to target users via data profiles. Google’s data dominance is purposeful. No other entity in the world has a stated omniscient mission; an omnivorous information and surveillance appetite; a practically omnifarious repertoire of products/services to collect information; and practically omnipotent web ambitions. Google’s data dominance is lasting because it is the only ecosystem in the world where: users/buyers can go for ~all information; publishers can go for ~all advertisers/readers/viewers; and advertisers/sellers can go for ~all users/buyers. No other entity can match Google’s rapidly consolidating scale, scope, reach and capabilities. Many resultant Google anticompetitive risks threaten many Fortune 500 enterprises via:
Conclusion: In sum, Google manifests real and serious cyber systemic risk to many Fortune 500 companies. At a minimum, many Fortune 500 companies should evaluate if Google’s unparalleled cyber systemic risks present material enterprise risk to their businesses, warranting becoming part of their enterprise risk management (ERM) processes. That’s because the evidence here exposes that many Fortune 500 companies face dramatically more enterprise risk from Google than they or their enterprise risk management processes currently appreciate or reflect. Out of sight may be out of mind, but not out of danger. Forewarned is forearmed.
Scott Cleland served as Deputy U.S. Coordinator for International Communications & Information Policy in the George H. W. Bush Administration. He is President of Precursor LLC, an emergent enterprise risk consultancy for Fortune 500 companies, some of which are Google competitors, and Chairman of NetCompetition, a pro-competition e-forum supported by broadband interests. He is also author of “Search & Destroy: Why You Can’t Trust Google Inc.” Cleland has testified before both the Senate and House antitrust subcommittees on Google and also before the relevant House oversight subcommittee on Google’s privacy problems.
» |