For five years, the digital cold war on the computer industry, with among other tensions with Russia, has worsened. Russia’s involvement in the SolarWinds breach, as well as its interference in the 2016 U.S. presidential election — including buying tens of millions of Facebook ads in an effort to sow discontent among U.S. voters — have showed the face of this cyberwar.
The invasion of Ukraine
Under the pretext of a “peacekeeping operation”, Russia yesterday launched a full-scale invasion of Ukraine. It can be assumed that Russia is also responsible for the recent cyberattacks against Ukrainian administrations and banks.
In response, the United States, NATO and allied countries have imposed numerous economic sanctions on Russia, including preventing its two state banks from trading debt securities in US and European markets, as well as freezing the assets of the country’s wealthiest citizens. Germany has halted plans for Russia’s Nord Stream 2 gas pipeline. More sweeping sanctions are expected as Russia continues its assault on Ukraine.
The economic repercussions of this conflict will probably be significant, in particular concerning the cessation of Russian oil and natural gas exports to Western Europe and, presumably, the denial of civil and commercial air transit to Asia through the airspace Russian.
And a protracted conflict with Russia – coupled with the imposition of far-reaching sanctions – will have a tangible impact on the global tech industry.
Russian tech companies are now “technologia non grata” in Western countries
Let’s start with the Russian software companies themselves.
Many of them hold a large market share and are widely used in the West. Some of them were founded in Russia, while others are headquartered elsewhere, but maintain a significant part of their development in Russia and other Eastern European countries.
The British company Kaspersky Lab, for example, is a major and well-established player in the field of antivirus/antimalware. It maintains its international headquarters and has significant research and development (R&D) capabilities in Russia, although its main R&D center was moved to Israel in 2017.
Eugene Kaspersky, the company’s founder, is also believed to have close personal ties to the Putin-controlled government. Kaspersky has repeatedly denied these allegations. Previously, it emerged that Kaspersky software was involved in the security breach of a US National Security Agency employee in 2015.
NGINX Inc is the support and consulting arm of an open source web proxy server project popular with some of the largest internet services on the planet. The company is originally from Russia, but was sold to F5 Networks in 2019. Company founder Igor Sysoev announced his departure in January this year.
Parallels, which Corel acquired in 2018, focuses on virtualization technology. Their Parallels Desktop is one of the most popular solutions for virtualizing Windows on Mac. Historically, their main development labs were in Moscow and Novosibirsk, Russia. The company was founded by a Russian national, Sergei Beloussov, and has many people of Russian descent among its core developers and executives. Two of their products, Virtuozzo and Plesk, were spun off as their own companies in 2017. Odin, from Parallels, a management stack for billing and provisioning automation used by service providers and private clouds operating on Microsoft’s VMware and Azure virtual infrastructure stack, was sold to Ingram Micro in 2015. It is unknown how much Russian code is present in these systems.
Acronis, like Parallels, was founded in 2002 by Russian software developer and venture capitalist Sergei Beloussov. He left Parallels and became CEO of Acronis in May 2013. The company specializes in bare metal system backup, system deployment, and storage management software for Microsoft Windows and Linux, and is headquartered in Singapore. However, it has significant R&D operations in Moscow.
Veeam Software founded by Russian-born Ratmir Timashev focuses on enterprise backup solutions for VMware and Microsoft public and private clouds. Like Parallels and Acronis, it is also a multinational. For many years, most of its research and development activities were based in St. Petersburg, Russia. It was acquired by Insight Partners in 2020 and put in place a new management team. However, it has yet to be determined how much legacy Russian code is in or continues to contribute to its products.
These are just a few examples. Many Russian software companies generate billions of dollars in revenue and offer products and services that have significant global penetration. There are also many other, smaller ones that provide niche or specialized services, such as outsourcing.
It should also be noted that many mobile applications – including entertainment software for iOS, Android, Windows – also come from Russia.
Pressure on the chip supply chain
In addition, a Reuters article mentions that Ukraine is a major producer of neon gas, essential for the lasers used in the manufacture of chips. “This country supplies more than 90% of American neon intended for semiconductors, according to estimates by research firm Techcet,” the agency said.
And about 35% of palladium, a rare metal also used for semiconductors, comes from Russia.
A large-scale conflict that disrupts exports of these elements could therefore affect players such as Intel, which sources 50% of its neon from Eastern Europe, according to JPMorgan.
Sure, the chip industry was able to handle a neon price hike stemming from the 2014 Crimean crisis. But the scale of the dispute today seems far greater.
Russian IT service companies will also be affected
Many global tech giants in the software and services industries have used Russian and Eastern European developers in the past due to the quality of their work and value for money. Many of them have invested hundreds of millions of dollars to ensure the presence of developers and resellers in Russia.
It is not necessary for governments around the world to issue isolationist sanctions like in Iran against Russia for a snowball effect to occur within American companies that use Russian software or services.
The escalation to a full-scale conflict in Ukraine will make CIOs of global companies extremely concerned about the use of software originating from Russia or produced by Russian nationals. The most conservative companies will probably opt for other solutions.
Russian mobile apps? BYOD mobile device management (MDM) policies will prevent them from being installed on any device that can access a corporate network. And if sanctions are put in place by governments around the world, we can expect them to disappear completely from mobile device stores.
Countless games and apps from Russia may no longer exist when real sanctions are applied to this sector.
But business leaders aren’t going to wait for governments to ban Russian software. If there is any lack of confidence in the reliability of any supplier, or if there is concern that the loyalty of its customers could be traded or influenced by the Putin regime and used to compromise its own systems, rest assured that software of Russian origin will very quickly disappear from the IT infrastructure of companies.
Contractor visas will certainly be canceled or not renewed for Russian nationals who work for large companies. Any potential vendor for a big software deal will be scrutinized and asked if any of their products use Russian developers. If it does not pass the most basic audits and detection tests, it may simply forget to do business in this country.
Therefore, if a vendor has a large workforce of Russian developers, it will have to pack up and repatriate those labs to a country better aligned with Western interests – as we have seen with the companies listed above.
Then there is the question of the computer code produced by the service providers. And then it gets a lot trickier.
Obviously, there is the question of whether the code is recent and whether or not there are suitable methods to verify it. It can be expected that US and Western European IT companies will soon offer service products that sift through large amounts of code to ensure that Russian nationals do not leave behind any backdoor compromises. .
If you thought your Y2K mitigations were costly, wait until your business suffers the Russian purge.
I don’t need to tell you how expensive it is. Wealthier companies, sensing a huge risk to customer security and trust, will tackle this problem as quickly as possible and swallow the bitter pill of audits.
But many companies don’t have the immediate funds to do so. They will do their best to mitigate the risk on their own, and the compromised code may remain in place for years until major system migrations take place and the old code is (hopefully) disposed of. .
It is almost certain that in the years to come we will face Russian cyberattacks against our own corporate walls, from software originally developed under the auspices of relatively cheap and highly skilled programmers, and outsourced to Is.
Source: ZDNet.com