- Joined
- Jan 3, 2009
- Messages
- 2,605
- Points
- 0
Security has to be a primary concern in the next generation of innovation.
Lessons From Google vs. China: Speed Without Security Is Bad Business
While we wait for next move in the standoff between Google and China, the most profound impact of the dispute may have little to do with Internet censorship. Rather it is likely to change the shape and speed of development in the information technology sector.
The announcement that the search engine giant was hacked in China highlights emerging tensions between a globalized model of innovation and security of companies that should lead them to pause the pace of change to emphasize security and reliability.
Moving production and research and design overseas, not just connecting them virtually, can have a negative impact on security. The fact that counterfeit Cisco routers — a critical component in Internet transmission — have already showed up in the networks of major technology companies and defense contractors demonstrates how porous supply chains are.
The first tension is geographic. Over the last two decades, multinationals have globalized innovation by setting up research centers in many corners of the world and linking R&D, manufacturing, and supply chains in dispersed markets.
Massive information and communication technology networks allow a project, whether developing new software or designing the next generation of microprocessor, to be worked on almost continuously as daylight moves from Oregon to India and then to Israel and Ireland and back to Oregon. As the Internet remains the main vehicle of this global cooperation, each link in that chain introduces vulnerabilities that can be exploited by criminals as well as “patriotic hackers” — individuals or groups who, with tacit or direct government support, steal valuable intellectual property.
According to security firm Netwitness, over the last 18 months hackers in China and Eastern Europe broke into over 2,500 computers in companies and government agencies in order to steal sensitive data.
Moving production and R&D, not just connecting them virtually, can also have a negative impact on security. Geography still matters since physical supply chains that involve sharing of components are vulnerable as intelligence agencies insert spyware into chips and other hardware at the point of manufacture.
The fact that counterfeit Cisco routers — a critical component in Internet transmission — have already showed up in the networks of major technology companies and defense contractors demonstrates how porous supply chains are.
In the rush to get new products to market, the number of problems introduced has grown significantly.
Time is the other source of tension. Technology is spreading at an ever-faster pace and the time to market for new products has been radically shortened. To remain competitive, companies must innovate at breakneck speed, but the focus on speed has come at the expense of reliability, safety and security. Google may be the best example, with small teams of engineers racing to get Google Maps, Gmail, Picassa and other products out on the Web. Some products worked, some didn’t, but security was often an afterthought in development — as the recent outcry over security and privacy concerns on the social networking service Buzz clearly demonstrates.
Most of the industry acted the same way and promoted speedy innovation over security. In the rush to get new products, with new features to market, the number of errors introduced has grown significantly. Many of these bugs are security vulnerabilities that can be used to access proprietary information or alter operations, and it is suspected that the hackers gained access to Google through a vulnerability in the Internet Explorer Web browser. This was less a problem when computers were not as crucial as they are today, and when manual backups for power plants and military communications still existed, but now IT must be as reliable as every other form of infrastructure.
The lesson for the IT industry is that security has to be a primary concern in the next generation of innovation.
Hopefully, the tide may be turning. For months Google resisted making industry standard encryption the default on Google Mail, Docs and Calendar because it would impede the flow of information as well as slow users’ computers by making them decrypt extra data. After going public about the hacking from China, Google enabled this protection by default.
The lesson for the IT industry is that security has to be a primary concern in the next generation of innovation. Safety must be baked in at the design level and not as an afterthought. Retrofitting systems once a vulnerability is exposed does not work and companies that do not realize this will pay a price.
Outsourcing of manufacturing will continue, but it must do so under much tighter monitoring of the transfer from intellectual property to production.
Companies also need to rethink where they conduct R&D and manufacturing. Keeping them in the home country could limit theft of intellectual property and contamination of the supply chain.
When closeness to foreign markets is critical, multinationals should let governments know they are basing their decisions on where to site a research center not only on access to talent and infrastructure, but also on security.
As a result, companies would be more careful about selecting countries before setting up R&D abroad. Outsourcing of manufacturing will continue, but it must do so under much tighter monitoring of the transfer from intellectual property to production.
The lesson of Google versus China for IT companies is to stop and take a breath. Where goods are designed and manufactured still matters. and racing off to some foreign location can mean the loss of intellectual property. First out of the gate is going to be less important.
We all may be better off if the pace of innovation slows just a bit so we can be safer.
Rob Knake is an International Affairs Fellow and Adam Segal is the Ira A. Lipman Senior Fellow at the Council on Foreign Relations. Copyright YaleGlobal 2010.
Lessons From Google vs. China: Speed Without Security Is Bad Business
While we wait for next move in the standoff between Google and China, the most profound impact of the dispute may have little to do with Internet censorship. Rather it is likely to change the shape and speed of development in the information technology sector.
The announcement that the search engine giant was hacked in China highlights emerging tensions between a globalized model of innovation and security of companies that should lead them to pause the pace of change to emphasize security and reliability.
Moving production and research and design overseas, not just connecting them virtually, can have a negative impact on security. The fact that counterfeit Cisco routers — a critical component in Internet transmission — have already showed up in the networks of major technology companies and defense contractors demonstrates how porous supply chains are.
The first tension is geographic. Over the last two decades, multinationals have globalized innovation by setting up research centers in many corners of the world and linking R&D, manufacturing, and supply chains in dispersed markets.
Massive information and communication technology networks allow a project, whether developing new software or designing the next generation of microprocessor, to be worked on almost continuously as daylight moves from Oregon to India and then to Israel and Ireland and back to Oregon. As the Internet remains the main vehicle of this global cooperation, each link in that chain introduces vulnerabilities that can be exploited by criminals as well as “patriotic hackers” — individuals or groups who, with tacit or direct government support, steal valuable intellectual property.
According to security firm Netwitness, over the last 18 months hackers in China and Eastern Europe broke into over 2,500 computers in companies and government agencies in order to steal sensitive data.
Moving production and R&D, not just connecting them virtually, can also have a negative impact on security. Geography still matters since physical supply chains that involve sharing of components are vulnerable as intelligence agencies insert spyware into chips and other hardware at the point of manufacture.
The fact that counterfeit Cisco routers — a critical component in Internet transmission — have already showed up in the networks of major technology companies and defense contractors demonstrates how porous supply chains are.
In the rush to get new products to market, the number of problems introduced has grown significantly.
Time is the other source of tension. Technology is spreading at an ever-faster pace and the time to market for new products has been radically shortened. To remain competitive, companies must innovate at breakneck speed, but the focus on speed has come at the expense of reliability, safety and security. Google may be the best example, with small teams of engineers racing to get Google Maps, Gmail, Picassa and other products out on the Web. Some products worked, some didn’t, but security was often an afterthought in development — as the recent outcry over security and privacy concerns on the social networking service Buzz clearly demonstrates.
Most of the industry acted the same way and promoted speedy innovation over security. In the rush to get new products, with new features to market, the number of errors introduced has grown significantly. Many of these bugs are security vulnerabilities that can be used to access proprietary information or alter operations, and it is suspected that the hackers gained access to Google through a vulnerability in the Internet Explorer Web browser. This was less a problem when computers were not as crucial as they are today, and when manual backups for power plants and military communications still existed, but now IT must be as reliable as every other form of infrastructure.
The lesson for the IT industry is that security has to be a primary concern in the next generation of innovation.
Hopefully, the tide may be turning. For months Google resisted making industry standard encryption the default on Google Mail, Docs and Calendar because it would impede the flow of information as well as slow users’ computers by making them decrypt extra data. After going public about the hacking from China, Google enabled this protection by default.
The lesson for the IT industry is that security has to be a primary concern in the next generation of innovation. Safety must be baked in at the design level and not as an afterthought. Retrofitting systems once a vulnerability is exposed does not work and companies that do not realize this will pay a price.
Outsourcing of manufacturing will continue, but it must do so under much tighter monitoring of the transfer from intellectual property to production.
Companies also need to rethink where they conduct R&D and manufacturing. Keeping them in the home country could limit theft of intellectual property and contamination of the supply chain.
When closeness to foreign markets is critical, multinationals should let governments know they are basing their decisions on where to site a research center not only on access to talent and infrastructure, but also on security.
As a result, companies would be more careful about selecting countries before setting up R&D abroad. Outsourcing of manufacturing will continue, but it must do so under much tighter monitoring of the transfer from intellectual property to production.
The lesson of Google versus China for IT companies is to stop and take a breath. Where goods are designed and manufactured still matters. and racing off to some foreign location can mean the loss of intellectual property. First out of the gate is going to be less important.
We all may be better off if the pace of innovation slows just a bit so we can be safer.
Rob Knake is an International Affairs Fellow and Adam Segal is the Ira A. Lipman Senior Fellow at the Council on Foreign Relations. Copyright YaleGlobal 2010.
