US government organizations buying software from Netcracker previously had to be reassured its Russian programmers could not slip bad code into the product like a barman spiking a drink. The concern stemmed from Russia's propensity for cyberattacks and Netcracker's heavy reliance on Russian employees. Today, nearly 26% of people whose LinkedIn profiles list employment at Netcracker live in Russia. On that measure, no other non-Russian technology company examined by Light Reading seems to come close (see table below).
This was long before Vladimir Putin, Russia's latest strongman, had sent troops and tanks into neighboring Ukraine. The response of the US and Europe has included the most sweeping sanctions imaginable, cutting Russia off from financial services, critical technologies and even basic consumables. Firms from Intel to McDonald's have joined in, suspending product deliveries and shutting stores.
Figure 1: Russian ruler Vladimir Putin has sparked outrage and sanctions with his latest war.
(Source: Russia's presidential press and information office via Creative Commons)
Those events have only heightened the risk of a cyberattack emanating from Moscow. If buying software written partly in Moscow or St. Petersburg had seemed a bit like a game of Russian roulette, there are suddenly more bullets in the barrel. No cybersecurity expert within a government organization or telco will have told managers that software suppliers still using Russian resources are entirely safe.
Telecom and IT vendors including Netcracker have brought a halt to Russian operations and stopped selling products to Russian companies. After it was criticized by Ukrainian politicians for continuing to serve existing Russian clients, SAP, a German software company, went as far as shutting off cloud services in Russia. There was nothing it could do about customers that had bought SAP software and installed it at their own premises, it pointed out.
The fog of war
Yet the status of employees in Russia is much foggier at Netcracker and various other companies. A spokesperson for Netcracker would not say if Russian coders are still working on products aimed at customers outside Russia when Light Reading previously asked that question. Amdocs, another software company that develops business and operational support systems for networks, declined to announce any Russia sanctions, while saying it would comply with legislation, when approached by Light Reading last month.
Nokia, however, has confirmed that its roughly 800 employees in Russia are not on any kind of furlough, implying they are still at work. What's more, a number of these staff members are employed in the sensitive field of research and development. There is skepticism these individuals have been redeployed or are effectively being paid to do nothing.
The Finnish equipment vendor is unlikely to be unique. The LinkedIn data that Light Reading examined is not an accurate indication of headcount. Numbers are sometimes too high because of listings by contractors or former employees. They can be too low simply because not everyone maintains or has a LinkedIn account. But as a convenient, readily available proxy, they indicate there are several thousand people in Russia with a work connection to as few as ten major non-Russian telecom or technology vendors, including Nokia as well as China's Huawei and ZTE.
China syndrome
Because neither of the Chinese vendors has announced any Russia sanctions, they are arguably an even bigger risk than they formerly appeared. Still reliant on US components, ZTE could again incur the wrath of US authorities if it continues to serve Russian clients. It was previously hit with massive fines and placed on the US trade blacklist – cutting it off from vital US suppliers – for selling products to Iran and North Korea that included US technology.
Want to know more about 5G? Check out our dedicated 5G content channel here on Light Reading.
But Huawei is already subject to the most punitive sanctions, leaving US authorities with few weapons they have not already discharged. Of the 164,139 people with a Huawei LinkedIn profile on the morning of April 8, some 1,860 were based in Russia. Before the invasion of Ukraine, security watchdogs in the US and Europe worried Huawei's products might feature "backdoors" for snooping or sabotage, included at the behest of China's government. Those watchdogs may now fear interference from both the Chinese and Russian governments.
It puts major European customers in a difficult position. Outside the UK and Sweden, where Huawei faces 5G bans, numerous service providers, including Deutsche Telekom, Orange and Vodafone, have continued to use the Chinese vendor's products, and political opposition has been limited. Asked if they were reassessing their relationships with Huawei after Russia's invasion of Ukraine, none of those operators either responded or was prepared to comment. Unfortunately, many of the alternatives no longer seem ideal.
Related posts:
— Iain Morris, International Editor, Light Reading