This article can also be found in the Premium Editorial Download "Information Security magazine: The power of SIMs for visibility and compliance."
Download it now to read this article plus other related content.
Point In February, Dubai Ports World tried to buy several major U.S. ports from their British owner, but the deal was scotched over concerns Arabs might not keep them adequately secure. Never mind the U.S. couldn't keep them adequately secure.
Fast-forward a few months and Israel-based Check Point Software Technologies tries to buy U.S.-based intrusion detection systems provider Sourcefire, but the deal is quashed over aftershocks from the Dubai Ports fiasco. Never mind that U.S. government agencies can't keep their networks sufficiently secure to begin with; questions were raised as to whether Check Point should control a piece of software that is widely used in U.S. government networks.
Is there such a thing as "strategic software?" Of course there is. But a better question to ask would be: "Hasn't the horse already left the barn on that issue?"
The truth is, if your software controls your computer (and it does), then the person who writes the software also controls your computer. Does that have strategic implications? Ask the European Union, which in the past has voiced dismay over the fact that virtually all of its computers are controlled by software from a certain company in Redmond, Wash. A cynic could see the Check Point-Sourcefire deal as the U.S. government getting a taste of its own medicine.
I'm a cynic, but not amused. If we accept the idea that software can have strategic implications, it would make a lot
And why worry about the Israelis owning an IDS company when Canada's Research In Motion owns all the BlackBerry handhelds' communications that government bureaucrats simply can't live without? Remember the panic a few months ago when RIM threatened a shutdown because of a patent dispute? Seems the U.S. government was afraid it would be unable to send "sensitive but unclassified" messages to Canada and back. If that communication is strategic, it looks to me like there are a lot of barn doors in need of locking.
The governments of the world have adopted high tech without thinking of it as a weapon. For all the Department of Defense pundits who talk incessantly about "information-centric warfare," they completely avoid thinking about software as a weapons system in its own right--but every important major weapons system today relies on software. I wonder if it's simply too difficult a problem, and everyone has preferred to shut his brain off and say, "Horse? What horse?"
Given the level of denial about the issue, it was silly to single out Check Point and Sourcefire. My guess is that if it were possible to even understand the situation, most of us would be terrified--if we allowed ourselves to be that paranoid. Perhaps this is just one of those problems that we'll leave for future generations to unravel. And, oh, did I forget to mention that key components of Microsoft's ISA firewall were written by one of the company's development teams in Israel?
This was first published in September 2006