Questionable loyalties: the cybersecurity implications of buying system software from foreign companies

Do you trust commercial programs made in foreign nations, particularly those nations with authoritarian regimes or a history of cyberattack?

At the very same time we are concerned about cyber-attacks, phishing attacks, botnet invasions, and other penetrations of our personal, industrial, and national defense systems and networks, we're turning over the protection of those systems to foreign companies with possibly questionable loyalties.

This is becoming a national security issue. We may need to establish defensive strategies that include blocking (or at least shining a light on) security products we rely on that are produced by foreign agents or agencies.

See also: North Korea ships malware-infected games to South Korean users, uses them to launch DDoS attacks

Anti-malware company Kaspersky Lab is Russian. Disk imaging heavyweight Acronis has Russian developers (I know, because I talked with them while doing a product evaluation). Antivirus maker Panda Software is headquartered in Spain. AVG Technologies (makers of the free antivirus software many of us use) is located in the Czech Republic. Antivirus maker Avira is German. Antivirus maker F-Secure is based in Finland. Trend Micro is Japanese, and the list goes on and on.

See also: Technology policy challenges faced by the U.S. Federal Government (video seminar)

Then there's our computer hardware. We're all intimately familiar with the iPhone and iPad. Those, along with most of our desktop motherboards and laptops, are made in China. Yes, China, the very same country that has been disturbingly comfortable probing our network defenses.

See also: Welcome to the new Cold War: China vs. the United States

See also: U.S. finally acknowledges Chinese and Russian cyberthreat

Of course, we're not without culpability ourselves here in America.

Many of the largest software makers are American, and so -- especially in the light of the Stuxnet allegations raised by The New York Times -- we shouldn't be too surprised if foreign buyers show some reluctance to trust American-made goods.

See also: Breaking news: NY Times claims US released Stuxnet with Israel and it accidentally escaped

See also: Microsoft turns over all Win7 and server source code to Russia's new KGB

Globalization has always been a double-edged sword. The world is a big place, and there are huge markets outside of the United States. That's good, because -- in theory -- it brings money into the US. I say "in theory," because, as we've seen, most of that money really stays outside our borders, to avoid paying Uncle Sam his fair share.

See also: Apple: made in China, untaxed profits kept offshore

But there are also people in third-world countries willing to work for a fraction of what we need to get paid. So while we can buy our consumer goods for less money than they'd cost if made in America, we have less buying power, because so many manufacturing jobs have gone overseas.

See also: How To Save Jobs

We're seeing the double-edged sword with cybersecurity as well. There are talented developers all over the world, and we'd like to be able to benefit from their fine programming chops.

But in the same countries where programming skills are being used to write seemingly excellent software, there are authoritarian regimes also willing to attack us over the Internet, and penetrate our not-as-secure-as-they-should-be systems.

See also: The Threat of "Sleeper" Software

Do you trust commercial programs made in foreign nations, particularly those nations with authoritarian regimes or a history of cyberattack? TalkBack below and let me know whether you trust foreign software and hardware.