Friday, June 27, 2014

IBM sells farm to China

In Wednesday's Wall Street Journal, Spencer Ante describes the sale to China that we have heard so much about [see http://online.wsj.com/articles/ibm-lenovo-tackle-security-concerns-over-server-deal-1403733716]. This is the X86 line of servers IBM builds. CFIUS still hasn't ruled on this deal, and there are quite a few questions being asked about the risk of selling the server farm manufacturing line to China. Those questions are certainly late, but they take into account the risks of selling a line of products like the Lenovo computers or the X86 servers to another country, especially one like China.

They are late because most server components and lots of servers are already made in China. So many that it is almost impossible to find a U.S.-made server that is competitively priced. There are really two issues that Ante describes: the product vulnerabilities and the maintenance vulnerabilities. Neither of these is new, but both have been widely disregarded by Federal officials in the past.

Lenovo offered a solution to allow IBM to do maintenance on the product line for 5 years. This means the service would be provided by IBM, in some cases by U.S. citizens working for IBM, but the computers would be made in China, and the parts and upgrades would come from there. Whoever made such an agreement must not be thinking clearly. Firmware-based attacks, which embed ways into the infrastructure for control and access, are not made by the maintenance person, but by the stuff he brings in to do upgrades.

The X86 server is ubiquitous in the enterprises of government agencies. Having them in the total control of the Chinese is not worth discussing. They are everywhere, and while DoD "studies the possible effects," they don't need to study very long. Of all the places where Buy American is needed, this is the first. We need U.S.-manufactured servers, and we need to control our own parts and software distribution for those National Security parts of the infrastructure. Yes, it is more expensive; does that mean we can't or won't protect ourselves from the risks that go with it?

We have let this erode over the years, and one day it will bite us. Not everybody is our friend. Maybe in the international markets there is a place for this kind of deal, but we should be exempting contracts that apply to that part of our networks. If we don't, we could end up with the Chinese controlling our entire infrastructure. I doubt that even IBM thinks that is a good idea.
