There are a growing number of Western technology companies, including Cisco, IBM, and SAP, that are caving to demands by Moscow for access to closely guarded product security secrets.
What the Russians are demanding is that Western tech companies to allow them to review source code for security products such as firewalls, anti-virus applications and software containing encryption. This must be done they say before they’ll allow the products to be imported and sold in the country. These “requests”, which have increased since 2014, are done, according to the Russians to ensure foreign spy agencies have not hidden any “backdoors” that would allow them to burrow into Russian systems.
The timing of these demands by the Russians comes at a particularly sticky time when Russia has been accused of a growing number of cyber-attacks on the West, including the recent US Presidential election.
But those inspections also provide the Russians an opportunity to find vulnerabilities in the products’ source code – instructions that control the basic operations of computer equipment – current and former U.S. officials and security experts said.
While a number of U.S. firms say they are playing ball to preserve their entree to Russia’s huge tech market, at least one U.S. firm, Symantec, told Reuters it has stopped cooperating with the source code reviews over security concerns. That halt has not been previously reported.
Symantec said one of the labs inspecting its products was not independent enough from the Russian government.
U.S. officials say they have warned firms about the risks of allowing the Russians to review their products’ source code, because of fears it could be used in cyber attacks. But they say they have no legal authority to stop the practice unless the technology has restricted military applications or violates U.S. sanctions.
From their side, companies say they are under pressure to acquiesce to the demands from Russian regulators or risk being shut out of a lucrative market. The companies say they only allow Russia to review their source code in secure facilities that prevent code from being copied or altered.
If tech firms do decline the FSB’s source code requests, then approval for their products can be indefinitely delayed or denied outright, U.S. trade attorneys and U.S. officials said. The Russian information technology market is expected to be worth $18.4 billion this year, according to market researcher International Data Corporation (IDC).
Six current and former U.S. officials who have dealt with companies on the issue said they are suspicious about Russia’s motives for the expanded reviews.
“It’s something we have a real concern about,” said a former senior Commerce Department official who had direct knowledge of the interaction between U.S. companies and Russian officials until he left office this year. “You have to ask yourself what it is they are trying to do, and clearly they are trying to look for information they can use to their advantage to exploit, and that’s obviously a real problem.”
However, none of the officials who spoke to Reuters could point to specific examples of hacks or cyber espionage that were made possible by the review process.
Source code requests are not unique to Russia. In the United States, tech companies allow the government to audit source code in limited instances as part of defense contracts and other sensitive government work. China sometimes also requires source code reviews as a condition to import commercial software, U.S. trade attorneys say.
Although there have been numerous reports that he didn’t say this now…but it is worth repeating, just in case, Vladimir Illich Lenin has been quoted that “We will hang the last capitalist with the rope they sell us.”
To read the entire article from the Reuters click here:
Photos courtesy Reuters video