IT infrastructure security gets political
The U.S. and the European Union (EU) will by the end of the year be providing joint funding to help secure IT infrastructure in developing countries. Funding for this initiative is being made available via The Trade and Technology Council, a forum the U.S. and the EU jointly created last year to resolve disputes over several policy areas.
The effort is squarely focused on securing infrastructure that many of these countries have acquired from companies based in China. The concern is that despite promises to the contrary, the manufacturers of that equipment have been required by the Chinese government to install backdoors that could be exploited by cyberespionage services.
The U.S. has been trying to discourage countries from using product manufacturers based in China. However, many organizations have been acquiring IT infrastructure from vendors based in China rather than from rivals based in the U.S. or Europe. Some countries, however, have issued outright bans against using IT infrastructure from vendors based in China but there are also plenty of countries inside and out of the EU that already allow it.
It's not clear to what degree the funding being provided will be used to replace that equipment or attempt to better secure it. Regardless, it’s apparent that beyond merely cautioning against using that equipment the U.S. and EU are now putting proverbial money where their cybersecurity concerns are. IT vendors based in the U.S, and EU could even work with government entities on contract bids to compete with vendors based in China to build infrastructure in another country. The EU is also expressing interest in collaborating with the U.S. on building a more secure digital infrastructure in Ukraine.
Acquiring IT infrastructure, however, is one part of the cybersecurity equation. Many organizations in developing countries lack the resources required to make sure that infrastructure is secure. It’s not clear to what degree the U.S. and EU are prepared to provide additional funding to secure IT infrastructure. Regardless of approach, the global IT infrastructure market is now fractured along ideological lines. In fact, the Internet itself could devolve along those same lines as both China and Russia continue to extend their spheres of influence.
Cybersecurity is obviously now a much bigger factor when it comes to acquiring IT infrastructure. The days when the only major concern was relative price/performance are now officially over. A lot of IT infrastructure is going to be ripped and replaced in the months ahead as the US and EU apply a lot more economic pressure. IT infrastructure vendors in China will, of course, look to their government for additional financial aid to make their offerings as financially attractive as possible by, for example, making IT infrastructure part of a larger aid package being extended to a developing country.
In the meantime, cybersecurity teams will be asked to evaluate the risks of doing business in countries that use that equipment. A back door into the equipment can be employed to distribute malware to other networks regardless of what company provided the underlying infrastructure. Like it or not, businesses around the world are one way or another about to either pick a side or prove beyond a doubt the IT infrastructure they are employing is absolutely secure.