Cisco Blogs

Cisco Blog > High Tech Policy

Addressing Security Concerns: The source code conundrum

magnifying_glass_teudimu_01A while back, I blogged on the topic of Sovereignty and National Security. Since then, much has happened, most notably the moves by some governments to require access to source code on the grounds of national security before a foreign product can be imported and used in the country. Others have insisted for products to be manufactured locally, or that intellectual know-how of the product be transferred as part of the conditions of permitting a product to be procured. These are variations of the recurring theme of requiring local control to ensure national security and to protect sovereignty against foreign influence.

One cannot deny that there are very real security concerns and threats faced by governments today that need to be addressed more adequately. Even consumers are rightly worried about security of their data and personal information, especially as more cloud computing services become available.

Some argue that proprietary products are ‘secretive’, and that they rely on the customers’ faith in the vendor that the products operate securely. Others say that it is much easier for attackers to uncover vulnerabilities when they have access to the source code, rather than trying to compromise a “black-box”.

Who is right? Is the disclosure of source code directly correlated to product security? Is there a better way to ensure security without resorting to excluding the use of foreign manufactured products?

Read More »

Tags: , , , , , , ,

Sovereignty and National Security

Sovereignty and national security have always been key concerns for national governments. The need for self reliance and the avoidance of reliance on external parties are natural instincts for countries. In the early days, many developing economies adopted a policy of import substitution to avoid a dependence on foreign goods by creating domestic companies that can meet internal demands. Such initiatives also created jobs within the country to keep unemployment low. While these concerns and fears are legitimate and genuine, in today’s global economy, it does not make sense for every country to produce everything it needs, nor to have domestic companies run every industry.

For example, while steel is important for nation building, steel production is not something that very country can do or need to do. Instead, they buy what they need from whomever offers them the best value for money. Air travel is essential to international commerce, but not every country can produce their own aircrafts. Today’s main producers are Boeing and Airbus, and most airlines buy aircrafts from them. Extensive reliance on purchasing aircrafts from Boeing and Airbus has not limited the competitiveness and distinctive service level offered by globally successful airlines such as Singapore Airlines and Cathay Pacific. In the same breath, although many countries started with national carriers, not many have survived today, e.g. Swissair collapsed and the successor national airline Swiss was bought over by the German Lufthansa. Domestic production does not appear to be not a criteria for success.

What about the ICT sector?

Read More »

Tags: ,