There’s no denying that the technology industry is rapidly evolving. And as a result, the companies that operate within this lucrative sector are also growing. From Apple to Samsung, the tech elite have billions of dollars at their disposal and are becoming ever more powerful.
With all this power, they’re capable of exerting their dominance and influencing countries around the world. But while high-growth technology companies are contributing massive amounts of money to global economies, some people fear that these firms pose a security risk to critical infrastructure systems.
The United States is an example of a country that has slammed foreign technology companies in recent times. Recently, American lawmakers ordered telco AT&T to sever its ties with Huawei over fears that the Chinese mobile phone maker is simply becoming too powerful. They believe that the firm poses a grave threat to national security.
Creating security backdoors
The worry for government officials – especially in the United States – is that foreign technology companies could use backdoors to compromise state information security. Scott Crawford, a director at 451 Research, believes that this issue plays out on “multiple” levels. But it is “often more visible when it comes to security risks, rather than foreign dominance”.
He tells us: “In many of these cases, the concern is that foreign interests could introduce technology or capabilities into the US that could introduce a risk to US information security – a risk that could be difficult to ferret out, if such a threat could be obscured within the technology.”
American security researchers have been looking into these threats for years, as the 2012 case with Huawei and ZTE certainly proves. However, Crawford makes it clear that these incidents aren’t just exclusive to Beijing – they come from countries globally. “These concerns arise in part from evidence gathered by security researchers in recent years alleging either direct or indirect involvement of foreign interests in breaches of sensitive information security. China has repeatedly been alleged to be behind many of these incidents – but it isn’t the only nation seen as posing a threat to foreign interests,” he says.
US as the culprit
The United States isn’t exactly innocent when it comes to surveillance and other espionage activities. Former CIA employee Edward Snowden has offered a great deal of insight into the country’s cyber spying over the years. “The US itself is often seen in this light, particularly following Edward Snowden’s allegations about US surveillance activities. It is therefore not surprising, perhaps, that in 2012, investigations by the US House of Representatives flared around accusations that Huawei and ZTE were doing exactly what the NSA was revealed to be doing two years later with their Tailored Access Operations teams,” explains Crawford.
Responding to these allegations, the Chinese have also been hesitant to accept American technologies into their market. Companies such as Apple and Google have struggled to reach out to the masses in the country. “China itself has reportedly opposed the incursion of US tech leaders into its markets, though many strategic tech companies have sought to reach rapprochement with China to ease concerns,” he says.
Companies that rely solely on foreign technology providers could be putting themselves at risk, admits Crawford. “There is concern at a more strategic level. Should any nation become dependent on a foreign technology provider for capabilities critical to society, it could be placing its strategic interests at risk. At the personal level, this concern could arise regarding technology critical to individual health or safety. At the societal level, it could involve technologies seen as part of critical infrastructure,” he explains.
He expects governments to become tougher on technology companies with the rise of IoT, concluding: “We would expect these concerns to color government response to the continued rise of the Internet of Things, as smart computing capability becomes increasingly integrated with the technologies of everyday life, from large-scale utilities to the smart home.”
A growing security risk
James Wickes, CEO and co-founder of cloud-based visual surveillance company Cloudview, says governments are right to be concerned about foreign companies that become too powerful. He tells us that the threats are “particularly felt in the domain of CCTV equipment, where the security services have not only raised concerns but identified specific threats”. Wickes points out to a situation in the 2016 case when MI6 became worried about Chinese company Hikvision being Britain’s largest supplier of CCTV equipment. He says UK security specialists “expressed grave concerns about the potential security risk, particularly for internet connected cameras”.
In May 2017, the US Department of Homeland Security highlighted similar vulnerabilities. It found a range of problems in connected cameras and issued a security advisory notice. Wickes explains that security researchers have also reported “backdoors in a range of cameras from other manufacturers that allow remote unauthorized administrative access via the web”, giving cyber crooks the ability to target government systems. He says: “Such backdoors are rarely an oversight, and are built in by people who know what they’re doing. They provide a means for hackers to come and go undetected, bypassing all usual security measures.”
In extreme circumstances, cyber criminals could use these backdoors to launch devastating terrorist attacks on countries. “They could even allow the hacker to configure the device to allow front door entry by unwanted persons to appear legitimate. This could easily result in a security breach that affects national security or competitiveness. With an inbuilt back door, poor IoT security might be a little too tempting for a nosey nation, while for terrorists, why bother with suicide bombs if you can shut down power stations, open dams and look at CCTV footage of major cities and public places at will,” he concludes.
While the news that the US Government wants to stop AT&T from forging an ever-closer business relationship with Huawei may seem slightly extreme, it appears that some of these worries are just. There are instances where governments rely too much on foreign technologies, leaving them exposed to attack from state actors. Clearly, security organizations need to keep a closer eye on government IT infrastructure to ensure it’s robust enough to fend off cyber crooks.