blog Remember when the Financial Review reported in August that devices manufactured by Chinese vendor Lenovo (including its extremely popular ThinkPad line) had been banned from use in the “secret” and “top secret” networks of the intelligence and defence services of Australia, the US, Britain, Canada and New Zealand, because of similar espionage concerns as have been leveled at Chinese networking vendor Huawei? Well, Australian government agencies just got a whole new kettle of fish to ponder over, with two key acquisitions by Lenovo which have taken place over the past week or so.
The first and most obvious issue for the security-minded in the nation’s public sector relates to Lenovo’s buyout of IBM’s x86 server business. This is what Lenovo had to say about the buyout last week:
“This includes System x, BladeCenter and Flex System blade servers and switches, x86-based Flex integrated systems, NeXtScale and iDataPlex servers and associated software, blade networking and maintenance operations … IBM will retain its System z mainframes, Power Systems, Storage Systems, Power-based Flex servers, and PureApplication and PureData appliances.
Lenovo and IBM plan to enter into a strategic relationship which will include a global OEM and reseller agreement for sales of IBM’s industry-leading entry and midrange Storwize disk storage systems, tape storage systems, General Parallel File System software, SmartCloud Entry offering, and elements of IBM’s system software portfolio, including Systems Director and Platform Computing solutions.”
Now, it may just be me, but I’m betting that right now, there are a stack of IBM x86 servers and associated product lines now under the Lenovo umbrella littered throughout all levels of Australian governments — Federal, State and local. Many of these will be actively receiving updates direct from Big Blue. If you believe that there are legitimate security concerns around Lenovo’s gear — which some of Australia’s spy agencies and Defence personnel clearly do — then you would have to be concerned about any potential Lenovo access to that infrastructure. I would bet that the Australian Signals Directorate would be particularly leery about any Lenovo-sourced ROM patches being applied, post the acquisition.
The US$2.91 billion sale of Google’s Motorola Mobility division to Lenovo announced on Wednesday is of less obvious security importance. Motorola’s top handset at the moment, the Moto X, hasn’t even made it to Australia, and although we saw moderate degrees of interest in the company’s previously locally launched RAZR M and RAZR HD handsets, we don’t anticipate that many public servants or government security personnel will be using the units for secure communications, given the Australian Signals Directorate’s historical aversion to Android.
However, this move could still possibly stimulate the most sensitive areas within Australia’s public sector to formally avoid whatever new Android handsets Motorola has in the pipeline.
I want to note that, with this article, that I’m not accusing Lenovo of anything. I have not personally seen a shred of evidence that the company’s products or the company itself represents anything of a security risk; in fact, I strongly personally believe that Lenovo’s ThinkPad line in particular represent some of the most secure and best quality laptops available. I don’t personally have concerns with Lenovo. Concerns of this nature should be based on evidence; and there just hasn’t been any presented. The fact that a company is headquartered in China does not inherently make it a security risk; in fact, Edward Snowden’s revelations have shown that it’s more likely US technology giants that are considered to be security risks for many organisations these days.
However, it’s still important to note that these acquisitions will be a closely watched issue for some IT security types in Australia — especially in the Federal Government, and especially in Defence. As an issue, this one hasn’t gone away just yet; and it won’t until companies like Lenovo and Huawei are allowed into key Australian Government areas.
Image credit: Lenovo