Research Labs: A little more paranoia please.

Last Updated on Wednesday, 14 October 2009 09:49 Written by Jeffreycarr Wednesday, 14 October 2009 09:49

I was recently invited to give an online cyber security briefing to a global corporation that maintains research labs around the world. The audience consisted of some of the smartest, best connected security folks that you would ever want to meet so, needless to say, my presentation had little to do with Internet security and malware. Instead, I focused on State-sponsored initiatives and emerging military doctrine (RF and PRC) in the domain of Information Warfare (aka Computer Network Operations, “Cyber Warfare”, etc.). That was the easy part of my briefing.

The hard part came when I raised the issue of research labs and how both the Chinese and Russian governments may be exploiting them to further their own national defense interests; particularly those labs owned by U.S. corporations in Shanghai and Nizhny Novgorod, for example.

There are a lot of reasons why discussing research labs as a threat vector is a delicate matter:

The U.S. educational system isn’t producing enough Ph.Ds in math and science to satisfy the needs of U.S. tech companies, and U.S. immigration law is making it difficult and costly to hire foreigners, so companies like Microsoft, Intel, GE, and Dell are opening research centers outside of the U.S. Some of the work done by these labs have high strategic importance to their respective governments; things like the Smart Grid, wireless communications, superconductivity, etc.

This week’s IntelFusion FLASH Traffic focuses on one such lab: Intel’s Nizhny Novgorod Lab and its connections with Russia’s Federal Security Service (FSB). Next year, China will host the World Expo 2010 in Shanghai where GE, Intel, and Dell, among other companies, all maintain permanent research facilities. I’m certainly not suggesting that good work isn’t coming out of these facilities, nor am I suggesting that any of the researchers are “bad” people. Just the opposite. I think such collaborative environments are both necessary and valuable, and I certainly respect the accomplishments of the scientists who are employed there. However, a frank discussion of the risks, both real and potential, and how those risks can be mitigated needs to be done.

Tags:

This entry was posted on Wednesday, October 14th, 2009 at 9:49 am and is filed under Cyber. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply