Kaspersky Lab’s decision to move much of its operations out of Russia and to a new “transparency center” in Switzerland is part of a larger effort to assuage fears that the Russian government is using the cybersecurity vendor’s products for cyberespionage purposes. It also is the latest scene in an ongoing geopolitical play that pits Western countries wary of state-sponsored spying and counterparts in the East that are looking to flex their growing technology muscles. Indeed, the geopolitics among Russia, China, the United States and other countries is increasingly affecting IT in general and IT security in particular.
Lawmakers in the United States and other Western countries over the last several years have limited or banned the use of technologies from companies in countries that they believe support spying efforts and cyber attacks. China has been a primary focus of U.S. officials: They have banned some products from Chinese telecommunications giants Huawei and ZTE from use by government agencies, cautioned U.S. telcos about buying equipment from the vendors, and placed a seven-year moratorium on ZTE from purchases of American components, including processors. The concern is that the Chinese government could use Huawei and ZTE products as back doors to infiltrate U.S. telco networks and spy on Americans.
ZTE also was accused of violating a settlement reached with the U.S. government over selling products to Iran in violation of sanctions, though the restrictions against ZTE could change in the wake of President Trump’s controversial Twitter announcement that his administration would look to strike a trade deal with China that could include relief for the Chinese company. The U.S. Justice Department reportedly also is investing Huawei for similar infractions.
Geopolitics of Russia
Kaspersky, a company founded in Russia, has been under similar suspicion of close ties with a hostile government, despite the denials of founder and CEO Eugene Kaspersky. Governments in the United States, United Kingdom, Lithuania and, most recently, The Netherlands have placed bans on Kaspersky products. Some businesses, such as retailer Best Buy, no longer sell Kaspersky products. U.S. concern about Russian spying has heightened over the past couple of years following reports of Russian hacking and meddling in the 2016 U.S. elections.
Kaspersky officials have worked to quell fears. In October 2017, the company announced a Global Transparency Initiative that included the promise to open up the source code of its products to third parties for analysis and audit. This month, they announced that the company later this year is moving much of its operations from Moscow to its first Transparency Center, in Zurich, with the promise of opening two more such facilities in North America and Asia by 2020.
The first step for the Zurich center will be to move Kaspersky’s build systems--or “assembly lines”--which will be completed by the end of the year. The assembly line is where the company’s products are created and built, and threat detection rules are updated, Kaspersky officials said in a blog post announcing the move. In addition, the company is moving its data storage and processing operations--which includes data from customers in the United States, Europe, Japan and other countries--to Zurich. The data operations part of the plan will be completed next year.
A key part of the plan is push for the creation of an independent third-party organization that will be able to review source code, assess the trustworthiness of products and supervise the compilation of technology before products are shipped to customers.
“The most important goal of our Global Transparency Initiative is to establish all reviewing processes in such a way that there will be no need to rely on our word alone about the integrity of our products, updates, detection rules, data storage, and things like that,” Kaspersky officials wrote in the blog. “Responsible stakeholders from government and private organizations with relevant expertise will be able to review our software to make sure everything works as expected.”
They said they chose Switzerland for the first Transparency Center because of its history of transparency and strong data protection laws.
Patrick Moorhead, principal analyst with Moor Insights and Strategy, said Kaspersky Lab has been hurt by concerns over possible Russian exploitation of its products for spying purposes and that making the move to Switzerland is a smart one.
“Source code inspection and understanding where the data is kept and who has access will go a long way to helping their reputation,” Moorhead told ITPro Today, noting that simply denying any concerns regarding links to the Russian government wouldn’t help the company. “When it comes to independent security, that doesn’t fly. The perception it gives off is terrible.”
Leaving Moscow “is a great idea--not only the optics of it being Switzerland, but also the [opening] of the source code. You can’t hide anything in the source code. It will tell you the ins and outs of where the bits came from and where they go,” Moorehead added.
China's Rising Influence
The tech industry can expect to see geopolitics continue to roil the waters, particularly with China. Moorhead said a key difference between China and Russia is the former’s focus on technology as an underpinning of its growing economy. Right now, the majority of Russia’s economy is based on oil. China’s “Made in China 2025” plan calls for the country to become competitive in almost a dozen industries--including next-generation IT and software--by that year, and dominant in the following decades. The country also wants to become the top hub for artificial intelligence (AI) innovation by 2030. China is putting a lot of money behind building out the capabilities of homegrown tech companies.
It also has a policy that requires many foreign tech firms to partner with Chinese companies in joint ventures to do business in the fast-growing country, which critics in the United States and elsewhere say enables China to steal intellectual property, such as patents. That, coupled with the Chinese government’s reputation as an enabler of cyber attacks and cyberespionage, has raised concerns and suspicions that the country could use products from Huawei, ZTE and other vendors to infiltrate networks in the United States.
It’s also helping to fuel the growing trade war threat between the United States and China. In March, the Trump Administration blocked Broadcom’s $117 billion hostile takeover bid of U.S. chipmaker Qualcomm, a move that reportedly was made with concerns that the deal would benefit China, even though Broadcom was based in Singapore. (It is now moving its headquarters to the United States.)
Another factor in this picture are rules in China that prevent Chinese companies from obtaining a dominant market share in their industries in the country, Moorhead said. That is helping fuel desires by Huawei, ZTE, smartphone maker Xaomi and other Chinese companies to look to other regions for growth, which will further exacerbate international tensions. For example, both Huawei and ZTE are making aggressive pushes into the telco market in Western Europe, where they are competing with established vendors like Ericsson, and Huawei is pushing its data center capabilities in other countries.