The IT security industry is moving dangerously close to a balkanization along national borders that might wind up serving the best interests of cybercriminals. As the amount of cyber-espionage that occurs becomes more apparent to political leaders, there’s a tendency to cast aspersions any time there is a major breach.
For example, many members of the intelligence community in the U.S. have decided that security software from Kaspersky Lab has been compromised because, under Russian law, the company, which has its headquarters in Moscow, is obligated to share source code with various Russian agencies. A security breach involving a contractor working for the National Security Agency is being attributed to a hack of the Kaspersky code base by persons unknown. Despite those concerns, however, Kaspersky Lab revealed this week it has signed a cyberthreat research agreement with INTERPOL, the international police agency that among other things helps track down cybercriminals operating across borders.
This brewing crisis heated up this week when Symantec announced it will no longer allow any government to review its source code. Many countries, including Russia and China, demand access to source code before allowing any software product to be sold in their country. IT security vendors are now being asked to essentially choose between the integrity of their offerings and their ability to compete in a global market. It is conceivable that some countries will respond by revoking Symantec’s ability to sell software within their borders. It’s not too hard to see that, should this trend continue, there will be one set of security software available in free markets versus another set of software that might only be available within a closed marketplace.
Caught in the middle of those two extremes will be IT security professionals who often work collaboratively with one another to secure the IT environments of their employers. Before too long some countries might decide that type of collaboration is no longer in their national interests.
Cybercriminals around the world are watching all this unfold with bemusement. They realize that the less the IT cybersecurity community can coordinate an effective response, the more likely it becomes they will continue to succeed. Hopefully, cooler heads will prevail. The Trump Administration this week nominated Kirstjen Nielsen to be head of the Department of Homeland Security. As a founder of a risk and security management consulting firm, Nielsen reportedly would be the first head of DHS to have an extensive background in cybersecurity.
Intelligence agencies and IT security firms have been working at cross purposes for years. Most intelligence agencies have spent years developing advanced tools to get past the defenses of their adversaries. Unfortunately, those agencies don’t keep as tight control over the tools and hacks they develop as they like to pretend. The unfortunate result is that cybercriminals are stealing money and data by using tools and techniques developed using tax dollars collected by governments.
Obviously, there are no easy answers when it comes to the role governments play in IT security. But it is incumbent on IT security professionals to make sure the leaders of their organizations are, at the very least, first making an informed decision and then, secondly, sharing their concerns with government officials.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for Intronis MSP Solutions by Barracuda.