IBM, Lenovo server deal potentially scuppered over security

Lenovo's plan to buy IBM's x86 server business is facing delays over national security concerns.

The Wall Street Journal reports that US security officials and members of the Committee on Foreign Investment in the United States (CFIUS) are worried that clasping hands on the sale could result in a weakness of US national security.

IBM's servers are used in communication networks and datacenters that support the Pentagon's systems. If Lenovo buys IBM's server business, according to sources close to the matter, US officials worry that the Pentagon's networks could end up being accessed remotely by "Chinese spies."

US officials are also worried that servers may be compromised through maintenance.

The sale, worth $2.3 billion, was announced in January. Under the terms of the deal, Lenovo takes control of IBM's System x, BladeCenter and Flex System blade servers and switches, x86-based Flex integrated systems, NeXtScale and iDataPlex servers and associated software, blade networking and maintenance operations. IBM's current x86 employees have been offered work with the Chinese software giant.

The publication says that IBM and Lenovo have refiled their application to buy more time to gain regulatory approval. Both firms are trying to address CFIUS concerns, and have said that IBM will maintain the servers on Lenovo's behalf "for an extended period" after the sale is finalized. Maintenance could range from software updates to changes in hardware.

This is not the first time that the US government has demonstrated concern over a Lenovo-IBM deal. After IBM sold its PC business to Lenovo in 2005, according to an unnamed senior military cyber official who spoke with the WSJ, the US Air Force received a shipment of Lenovo laptops. Tests on the Lenovo models revealed that the laptops were "connecting to China," and while the purpose of these connections was unknown, it was unauthorized. The laptops were promptly returned and US-based company machines were purchased instead.

In the case of the x86 business, which ties servers together to make small clusters act like more powerful machines, such unauthorized connections and routes into networks could be problematic for US national security.

An IBM spokesman said both firms are looking forward to a positive outcome after the review process is complete.

The US government has criticized China in recent times for its alleged involvement in cybercrime against US companies and the government itself. In May, troubled relations between the two countries escalated after the US charged five alleged "military hackers" with hacking into US corporations to steal sensitive data valuable to Chinese firms.

Following the charges, China has struck back at the US government with accusations of its own. China's Ministry of Defense posted a statement on its website, calling the charges a "pure fabrication by the US, a move to mislead the public based on ulterior motives." The agency also said:

"From 'WikiLeaks' to the 'Snowden' case, US hypocrisy and double standards regarding the issue of cyber security have long been abundantly clear."

In addition, China suspended cooperation with the US on cybersecurity issues, and banned the use of Microsoft's Windows 8 operating system on all new government computers. Chinese banks are also being urged to replace high-end IBM servers with locally made alternatives.