Skip to comments.Outsourcing jobs a security risk: US intelligence
Posted on 03/20/2004 4:06:30 AM PST by sarcasm
Washington, March 20:With as many as three million software industry jobs poised to move offshore by 2015, the US industry needs to protect itself against potential security risks, including economic espionage, the chairman of the National Intelligence Council has warned.
While outsourcing of business functions is a growing trend that helps firms cut costs, it also brings potential security risks--particularly when outsourcing involves entities owned and operated abroad, Robert L. Hitchings, Chairman of the council, which is the US intelligence community's think tank said while addressing the international security management association in Scottsdale.
He said besides outsourcing, writing computer codes aboard and importing hardware entails security risks. As many as 3 million software industry jobs could move offshore by 2015, with 70 per cent of these jobs moving to India, 20 per cent to the Philippines and 10 per cent to China, he said. Warning that corporate leaders need to be on guard.
Corporate leaders need to be on guard and know who their business partners are and what security measures they have in place to protect against loss, whether through unintended leakage of proprietary business information, deliberate thefts of intellectual property, or outright economic espionage," Hitchings said.
While technology now allows companies to have their most sensitive proprietary computer code written overseas, he said the inability of companies to sufficiently vet the personnel involved in these activities can create a significant vulnerability.
US openness to foreign trade and investment and its commitment to global information sharing through academic and scientific exchange, Hitchings said unfortunately leave US technologies highly exposed to foreign exploitation. Pointing out that collectors last year employed a wide variety of techniques in their quest to circumvent US restrictions in the acquisition of sensitive manufacturing processes, he said foreigners often through middlemen acquired sensitive US technologies simply by requesting them via e-mail, faxes or telephones.
Globally networked information systems, he said, also present vulnerabilities, and even the simplest computer threats pose real risks for US companies business interests and proprietary knowledge.
Information technology, said Hutchings, has become as important to the US economy as oil, and the growing dependency of the US on foreign it "raises concerns for corporate as well as national security." for instance, he said, half of the world's laptops, one quarter of desktop computers, and half of all PC motherboards are now assembled in China. Taiwan is now responsible for about 70 per cent of all semiconductor production for hire--producing chips designed and marketed by others.
This growing US dependence, said Hutchings, makes US IT firms vulnerable to interruptions of foreign-built critical components, whether intentional or accidental. Foreign supply disruptions could suspend US firms' deliveries of finished systems within only a few days, as most carry limited inventories.
One can hardly expect U.S. statutes to apply to citizens and business entities of another sovereign nation, now, can they?
Gee, I wonder if our buddies the pakies would engage in a little corporate espionage? Nah, not them! They love us! (/intense sarcasm)
Does the company do business in the U.S.? Back to Civil Procedure class, my friend.
I've posted a link to the exact, specific HIPAA subsection in previous threads, don't have the time to look for it again. Do a Google on "HIPAA outsourcing" and poke around, you'll find it.
HIPAA specifically and by statute allows "Covered Entities" (e.g., HMOs) to outsource medical records (for example), and the "Covered Entity" is thereafter not liable for privacy or security breaches made by the outsourcing vendor.
The rules of civil procedure apply to civil cases. As I recall, the rules of venue specify that civil actions much be initiated in the same venue as the defendant. Which might be just the least bit problematic for one located in India.
And then we have to remember that the really big teeth are available through criminal prosecution. I wonder (even more) how one proposes to file criminal charges against an outsourcing company in New Delhi.
I am sure Chinese and Indian governments can do security clearances if asked.
Pointing out that collectors last year employed a wide variety of techniques in their quest to circumvent US restrictions in the acquisition of sensitive manufacturing processes
No problem. We are so creative that we will invent new technologies faster than they can steal. No need to cry over buggy whips.
So, you suppose that India or China will let us extradite some local on the basis of a HIPAA violation? My, you are an optimist!
Gimme' a break.
Earlier, someone argued that the HIPAA cannot be "violated" overseas . . . I'd like to figure that out before getting into an argument with you.
Incidentally, if your medical records are stolen, do you think your lawyer will go after the medical-provider, or simply consult you to let the state prosecutor's office handle the case?
Not possible in any case since HIPAA specifically exempts third-party outsourcers and Covered Entities from breaches by the third-party outsourcer (unless the outsourcer is itself a Covered Entity, which most would not be).
In other words, there is no law under which an outsourcer can be prosecuted either here or abroad.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.