Threat Intelligence, Network Security

Russia pressures Western tech firms for security source code, many will comply

Russia's Federal Security Service (FSB) is demanding the security product source code from top Western tech firms including Cisco, IBM and SAP, and many of the firms say they are planning to comply.

The move come at a time when tensions are already high as more information about Russia's attempts to influence the 2016 U.S. presidential election comes to light. Moscow is ordering the firms to allow access to products such as firewalls, anti-virus applications and software containing encryption before permitting the products to be imported and sold in the country in order to check for hidden backdoors that could allow access to Russian systems, according to Reuters.

Security researchers and U.S. officials have advised against the move warning it could give Russian officials an opportunity to find vulnerabilities in these products and Symantec, told the publication it has stopped cooperating with the source code reviews over security concerns.

The companies who are complying argue that they risk being shut out on a lucrative market if they fail to comply and said they will only allow Russia to review their source code in secure facilities that prevent code from being copied or altered.

The US government accuses FSB of taking part in the cyberattacks on Hillary Clinton's 2016 presidential campaign and the 2014 hack of 500 million Yahoo email accounts. 

Only time will tell if anything malicious is happening in this situation and its no surprise that Russia is concerned. Fidelis Cybersecurity Threat Intelligence Manager John Bambenek told SC Media.

"Typically reviews similar to this one depend on the depth of the specific requests, but China just adopted a policy to require access to information from companies that have sensitive data for their citizens and I expect other nations to follow suit," Bambenek said. "It is a logical consequence from the revelations of bulk surveillance by Edward Snowden that are still reverberating globally. People expect U.S. companies to be sharing data with the U.S. government so they now want in on the game." 

He said it depends on how it is implemented and what these secure reviews require. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.