Security experts: US Lenovo ban misguided
Concerns about Lenovo's connection to China don't make sense, say some computer security experts
Follow @infoworldA U.S. Department of State decision last week to back away from its plan to use Lenovo Group Ltd. computers on a classified network shows a lack of understanding of the global nature of PC manufacturing, security experts say.
Under political pressure, the State Department aborted its plan to use about 900 Lenovo PCs on a network connecting U.S. embassies. Critics raised security concerns because Lenovo has strong connections to a Chinese government accused of being heavily involved in cyberspying.
The Chinese government's Academy of Science is Lenovo's largest single stakeholder, owning about 27 percent of the company. Its share in Lenovo raises questions about the potential for computer back doors that could transmit secret U.S. government information to China, said U.S. Representative Frank Wolf and two members of the U.S. government's U.S.-China Economic and Security Review Commission.
Complaints from the three officials prompted the State Department to dump its plan to use Lenovo computers on the classified network.
"There is no company or individual in China that is immune to the pressures of the Chinese government when it comes to facilitating the interests of the state," wrote U.S.-China Commission members Michael Wessel and Larry Wortzel in an April letter to Wolf. "The fact that these computers may be assembled outside of China or that the software is produced in the U.S. does not eliminate the opportunity for covert means to gain access to some of our nation's most important data."
The concern about Lenovo, a company with most of its operations in China, isn't an isolated case in the current U.S. political climate. In March, Dubai Ports World, a United Arab Emirates company, said it would sell off six recently acquired U.S. ports after members of Congress raised concerns about the UAE government's ownership of the company. Critics of the company's purchase of the ports objected because the UAE has been friendly in the past with anti-U.S. groups in the Middle East.
And between 2000 and 2002, Chinese leaders tried to push the Chinese government into avoiding the purchase of software from Microsoft Corp., in part because of concerns that Microsoft would build in back doors accessible to U.S. spies.
But concerns about Lenovo's connection to China don't make sense, say some computer security experts. Lenovo officials also say the Chinese government has no influence on how the company is run.
Most U.S. computer makers use overseas manufacturing plants, and it's nearly impossible to make a computer without using many foreign-made parts, said James Mulvenon. Mulvenon focuses on Chinese computer warfare at the Center for Intelligence Research and Analysis, an intelligence research organization.
"Of the top security concerns I have about China, this wouldn't be in the top 100," Mulvenon said. "It's an attitude that ... does not accept globalization as a reality."
Many U.S. officials believe that Chinese government hackers target U.S. agency networks. While Chinese penetration into U.S. government networks is "enormous," worries about the nationality of computer manufacturers are misguided, added Alan Paller, research director at the SANS Institute. Regardless of where a company is based, it would be relatively easy for spies to get jobs at computer makers in the U.S. or elsewhere, he said.
