Back in October of 2014, China-based computer technology firm Lenovo competed the initial closing of its acquisition of IBM’s x86 server business for $2.1 billion. As part of the Lenovo, IBM deal, Lenovo acquired System x, BladeCenter and Flex System blade servers and switches, x86-based Flex integrated systems, NeXtScale and iDataPlex servers and associated software, blade networking and maintenance operations.
Following the sale, the U.S. Navy is considering new servers for its upgraded Aegis Combat System, citing security issues, according to USNI News, the news and analysis portal of the U.S. Naval Institute.
A Navy spokesman told USNI News that the “Department of Homeland Defense identified security concerns with the IBM Blade Center sale and placed restrictions on federal government procurement of Lenovo Blade Center server products.”
The U.S. Navy included IBM’s x86 BladeCenter HT server in its Aegis Technical Insertion (TI) 12, which, along with Advanced Capability Build 12 software upgrades, compose the Aegis Baseline 9 combat system upgrade that combines a ballistic missile defense capability with anti-air warfare improvements for the Navy’s guided missile cruiser and destroyer fleets, USNI News says.
The U.S. Navy’s fears are timely, given news that the recent Office of Personnel Management breach which impacted four million current and former federal employees was allegedly caused by hackers working for the Chinese state, according to the Washington Post.
Sen. John McCain, R-Ariz., issued a statement following the breach, saying that, if indeed China’s involvement is true, the breach would join an “already lengthy and well-documented record of Chinese intellectual property theft and cyber-espionage” targeting the U.S. government and American companies.
“We cannot sit idly-by, accepting a situation in which persistent cyber-attacks and data insecurity are the new norm,” Sen. McCain says. “Our top priority must be finding ways to deter our enemies from attacking in the first place and ending the ability of hackers to infiltrate, steal and disrupt with impunity.”
U.S. fears over China’s possible hacking into its systems have been evident for years. In 2012, members of the House Intelligence Committee released a report recommending that U.S. companies consider doing business with other vendors instead of Chinese telecommunications companies Huawei and ZTE.
The report highlighted the interconnectivity of critical infrastructure systems in the U.S. and warned of the “heightened threat of cyber espionage and predatory disruption or destruction of U.S. networks if telecommunications networks are built by companies with known ties to the Chinese state, a country known to aggressively steal valuable trade secrets and other sensitive data from American companies.”
Still, while the threat posed by Chinese hackers is concerning, organizations can’t neglect other cyber risks, says Michael DuBose, who previously worked as managing director and cyber investigations practice leader at Kroll Advisory Solutions. “If hackers can do this much damage from the outside, just imagine what the individuals with the keys to the kingdom are capable of,” he says. “By implementing proper policies and procedures today, organizations can greatly improve their capabilities for detection and prevention tomorrow.”