When Sauce For The Goose Is Not Sauce For The Gander

‘When sauce for the goose is not sauce for the gander’, the average man takes umbrage at this injustice. The ethic of reciprocity is a universal law in all cultures. We have seen that the Americans do not permit any hardware or software not from firms of American origin to be part of their classified networks. The Russians and the Chinese have also learned the route to cyber security the hard way and seems to have realised that critical networks have to be wholly indigenous. Now I wonder why these countries would put in all this effort and additional costs involved to ensure trusted supply chains.

Why are they not relying on air gapped networks like we in India believe is sufficient. Are the Americans, Russians and Chinese technologically less aware than the boffins who deal with cyber security in the GoI ? Why is their sauce different ? Are they not signatories to the same WTO rules which seemingly prevent our departments who control critical infrastructure from adopting the same norms.

The Americans have not permitted Huawei to even operate in US. We have invited all and sundry companies to be part of our classified and critical networks. Our govt funded Universities routinely carry out research on improving the security of foreign software and hardware. By spending taxpayers money into research promoting cybersecurity of foreign software and hardware are we boosting our national security efforts or of someone else ? Whose interest are we serving ?

One such cyber security expert from a four letter organisation while interacting with the author sometime back told that he planned to put both Chinese and American routers in tandem to ensure that both don’t control the whole network in our power stations, refineries etc. Asked about indigenous routers, he told that for indigenous manufacturers of routers they will have to first submit the source code which will be evaluated. Asked about whether the Chinese and the American manufacturers also had their code evaluated, he told without batting an eyelid that the MNC’s companies won’t agree to it ! Asked if this practice smacked of raising barriers on indigenous products by Indian citizens and wouldn’t such products manufactured by own citizens be more trustworthy, the expert opined that he made no differentiation between indigenous or foreign manufactured devices.

So much for ‘ Make Made in India‘. All other nations look after their own citizens and nurture their entrepreneurs. Here we have an institutional culture wherein the competitive advantage is given to MNC manufacturers in a field of national security. Macaulay’s children !!! they have been groomed well. Sun Tzu would applaud ‘The supreme art of war is to subdue the enemy without fighting.’ We have made a nation that taxes its citizens and hands over the money to potential adversaries for untrustworthy products. (Notice the cyber security expert talked of placing the American and Chinese routers in tandem. He knew the dangers.)

https://rbth.com/defence/2016/02/02/russias-defense-industry-to-get-its-own-internet_564229

Russian defense industry to get its own ‘internet’

February 2, 2016 Alexander Korolkov, special to RBTH
The companies of Russia’s military-industrial complex will soon be able to transfer secret information via an ultra-secure communication network. A notable requirement for the “secret internet” is that all its hardware and software must be made in Russia. Russia’s defense companies are to be linked by a secure line of communications to transfer top secret information, which will unite more than 1,000 firms belonging to Russia’s military-industrial complex.

“We are bringing the technical capabilities to a new level and creating a single secure information space for Russia’s entire defense industry. The system being created will enable companies to use all the possibilities of modern telecom technologies, and guarantees a high level of information security,” said Alexander Kalinin, director of the Department of Innovative Development for the United Instrument Manufacturing Corporation.

The creation of such systems typically involves dozens or even hundreds of companies whose personnel are not permitted to share documents by email, or, for example, to discuss certain work issues by Skype. All this slows down the work, because the defense personnel have to use older methods, such as sending correspondence in hard copy via a special courier service, speaking over a secure telephone line, or meeting in person.

However, according to its terms of reference, the new system will allow personnel at secret facilities to use everyday tools such as email, audio and videoconferencing and cloud storage for work purposes. Furthermore, once the defense industry has its own “internet,” engineers will be able to take advantage of powerful information and computer resources, such as the Computer Modelling Center (a supercomputer) being created at the Vega Radio Engineering Corporation in Moscow.

According to the publicly available procurement documents of the Russian Ministry of Industry and Trade, the customer for the new system, it is to be implemented at 255 Russian defense industry companies in 2016. The defense industry press release, however, mentions a figure of more than 1,000 companies. This difference most likely indicates that the program is designed to run for a number of years.

The development of the system will be funded entirely from the federal government budget, but the amount to be spent has not been disclosed. A notable requirement for the “secret internet” is that all its hardware and software must be made in Russia. This will prevent “backdoors” – vulnerabilities deliberately created by foreign manufacturers that may subsequently be used by intelligence services from those countries to gain access to secret information.