With yesterday’s announcement that Lenovo would be acquiring a portion of IBM’s server hardware product line, much as they did their desktop PC and laptop business back in 2005, the question of the security once again rears its ugly head related to made in China computer hardware.
This is not an issue about the quality of the products; the ThinkPad line of Lenovo notebooks, considered one of the best products on the market from IBM, has retained its standing as a quality and innovative product in the 8 years since the Chinese acquisition. But in light of the many alleged Chinese-based hacking attacks on the US, and concerns over hardware based malware, the issue of building your datacenter around hardware that is owned by a Chinese company and built in China, is a real one.
Back in March 2013, the US government banned the purchase of Chinese-made hardware after a series of hacking attacks on government sites supposedly at the direction of the Chinese government. While these attacks were officially denied by China, it did raise a specter of fear over the potential that hardware coming from China could already be compromised. The government ban did allow for the purchase of equipment provided that the FBI approved the purchase after assuring that the hardware was not compromised and that there was no cyber security risk associated with the hardware.
According to an article last July in the Australian Financial Review, intelligence agencies in the US, Britain, Canada, New Zealand, and Australia had already internally banned the use of Chinese-made computers (though the Australia Department of Defense later denied the claim, stating that here was no ban on the use of Lenovo hardware on their networks, but that no one had, at the time of the report, asked to have Lenovo hardware accredited for use on their networks).
It should be noted that this sale to Lenovo was only of the X86-based server line. IBM retains the manufacturing and ownership of the various Power-based servers, z system mainframes, and its Pure series of appliance hardware. Lenovo will become a global reseller of many of the IBM products it is not acquiring, aiding IBM’s entry into Asian markets, specifically China, where it has been having problems gaining a toehold.
So how do you feel about this issue? Is the potential for built-in security problems enough to stop you from building your datacenters on Lenovo server systems?