A Non-Theoretical Take on Enhancing National Cybersecurity - HyTrust


As HyTrust’s CTO I have the opportunity to work with a lot of the best and brightest minds in security, in both the Government and Private Sector. This is a tremendous honor and has afforded me unique perspectives on how people in various types of organizations think about security – and how they implement it.

Right now the US is fortunate – much of the world’s technology and IT industry can be found in the US, and of that, much of it is located in Silicon Valley, which happens to be where HyTrust is located. We are in the same town as Google and Box, down the road from Oracle, up 101 from Intel and one town over from Apple. Looking at market caps, the technology industry represents close to a trillion-dollar crown jewel. With a jewel like that, you need to take precautions.

One thing to be very careful about is regulation. Just as the power to tax is the power to destroy, the power to regulate can also be the power to destroy, and sometimes well-intended legislation around security technologies can have very unintended consequences.

China, for example, just announced the world’s fastest supercomputer, the Sunway TaihuLight, weighing in at a massive 124.5 petaflops. The interesting thing about TaihuLight is that it runs Shenwei CPUs (in this case the SW 26010) – 40,960 of them, with each SW 26010 running 256 cores, bringing the total system core count to 10,649,600. Impressive indeed.

One could argue that part of the inspiration behind the Chinese home-grown CPU effort would be fears around the availability of commercial CPUs from the US. In this case, their fears would have been justified, as Intel was banned from selling Xeon CPUs to Chinese supercomputing research offices in early 2015. Thus, while Tianhe-2, the second-fastest supercomputer in the world, ran Xeons, TaihuLight, as mentioned earlier, runs Shenwei SW 26010s.

Recently CIA Director John Brennan was said to have assured Congress that they need not worry about the commercial impact of mandatory back doors to encryption products, as non-US encryption solutions are “theoretical.” While we are flattered by his assertion that “US companies dominate the international market as far as encryption technologies that are available through these various apps, and I think we will continue to dominate them,” leadership is a precarious position, constantly in danger of reversal. Also, China already requires, for certain uses, that only Chinese encryption algorithms and implementations be used, so US vendors have to enable pluggable encryption.

One of the fastest ways to ensure that reversal would be to mandate back doors in encryption and products that use encryption. The instant it becomes known that a particular company is backdooring products, people will start to look for alternatives. If an entire nation’s products are all backdoored, customers will look to products from a different nation. Mandating backdoors may seem like it would increase security, and it might do so in the short term, but the long-term result would be the destruction of domestic encryption, as companies in the US follow the law and customers in the US and elsewhere turn to other solutions that don’t have backdoors. We must find a delicate balance between protecting our nation and promoting global technology trade.

While we may be biased – we are, after all, in the business of supplying virtualization security and encryption products – we tend to agree with General Michael Hayden, former director of the CIA and NSA, when he said “America is more secure with end-to-end and unbreakable encryption.”
