There has been a lot of press this week about the US government’s decision to formally ban the use of software from Kaspersky Lab. The ban arises from concerns that the company may have ties to the Russian government, specifically the intelligence services. Concerns that Kaspersky denies.
These concerns don’t just involve the government. Also this week, Best Buy removed Kaspersky products from their shelves, saying they will no longer sell the software due to these concerns.
This is reminiscent of concerns about Lenovo, the Chinese-owned computer company that purchased IBM‘s personal computer business back in 2005. Several government agencies, both in the United States as well as some other countries, issued warnings or outright bans on Lenovo computers out of concern that the Chinese government may have placed “bugs” in the computers for intelligence or industrial espionage purposes.
With the number of high tech firms based in foreign countries, the landscape has certainly changed. It’s not practical to think that you can only use hardware and software that is manufactured entirely in the United States. In fact, it is extremely difficult to find a piece of computer hardware that does not have at least a part of it made in China these days. Even if you purchase as US brand, like Dell or HP, you are almost certainly buying a computer that was made in China, at least partially.
Based on that, it’s tough to consider these bans as able to be effective. The fact is that so much of our technology is, in one way or another, flowing through countries with whom the United States may have concerns about. The very nature of technology in today’s interconnected world, also makes it nearly impossible to guarantee that a state actor does not or could not have the capability to infiltrate those systems, be they hardware or software.
This does not even touch on the fact that many companies, in the United States and abroad, rely on foreign workers to fill open technology jobs that far exceed the available workforce in these countries. These individuals could pose insider threats to the companies they are brought in to work for.
At the end of the day, technology is a truly global industry. No one country can truly control the source and methods of production for every piece of technology in use within their borders. This extends to the human capital involved in designing, manufacturing, implementing, maintaining and supporting this same technology.
I’m not saying I think these bans or concerns are fool hardy. Quite the contrary. They reflect reality and are a real concern, especially within government circles. I’m simply concerned that banning certain manufacturers may lull businesses and individuals into a false sense of security by not having those products in their environments.