Google’s lesson: innovation has to be accompanied by reliability

While we wait for next move in the standoff between Google and China, the most profound impact of the Google incident may have little to do with Internet censorship. Rather it is likely to change the shape and speed of technological development in the information technology sector. The announcement that the search engine giant was hacked in China highlights two emerging tensions between a globalised model of innovation and security of companies that should lead them to pause the pace of change to better accommodate security and reliability.

The first tension is geographic.

Over the last two decades, multinationals have globalised innovation by setting up research centres in many corners of the world and linking R&D, manufacturing, and supply chains in dispersed markets. Massive information and communication technology networks allow a project, whether developing new software or designing the next generation of microprocessor, to be worked on almost continuously as daylight moves from Oregon to India and then to Israel and Ireland and back to Oregon.

As the Internet remains the main vehicle of this global co-operation, each link in that chain introduces vulnerabilities that can be exploited by criminals as well as “patriotic hackers” - private individuals or groups who, with tacit or direct government support, steal valuable intellectual property on the behalf of that government. According to the security firm Netwitness, over the last 18 months hackers in China and Eastern Europe broke into more than 2,500 computers in companies and government agencies in order to steal personal and corporate data.

Moreover, actually moving production and R&D, not just connecting them virtually, can have a negative impact on security. Geography still matters since physical supply chains that involve sharing of components themselves are vulnerable as intelligence agencies insert spyware into chips and other hardware at the point of manufacture. The fact that counterfeit Cisco routers - a critical component in Internet transmission - have already showed up in the networks of major technology companies and defence contractors demonstrates how porous supply chains are.

Time is the other source of tension.

Technology is spreading at an ever faster pace and the time to market for new products has been radically shortened. To remain competitive, companies must innovate at breakneck speed, but the focus on speed has come at the expense of reliability, safety and security. Google may be the best example of this trend, with small teams of engineers racing to get Google Maps, Gmail, Picassa, and other products into beta-testing and out on the web.

Some products worked, some didn’t, but security was often an afterthought in developing new offerings - as the recent outcry over security and privacy concerns on the social networking service Buzz clearly demonstrates.

The fault was not Google’s alone. Most of the industry acted the same way and promoted speedy innovation over security. In the rush to get new products, with new features to market, the number of errors introduced has grown significantly. Many of these errors or bugs are security vulnerabilities that can be used to gain access to proprietary information or alter operations, and it is suspected that the hackers gained access to Google in part through a vulnerability in the Internet Explorer web browser.

This was less a problem when computers were not as critical as they are today, and when manual backups for operating hydro-electric projects, power plants, and military communications still existed, but now information technology must be as reliable as every other form of infrastructure.

This is especially true in the emerging area of smart grids, networks that use information technology to monitor and distribute power efficiently. Last April, the Wall Street Journal reported that the US electricity grid was penetrated by foreign intelligence agencies that left malware behind designed to take down the grid remotely.

A massive blackout in Brazil in 2007 has been blamed on hackers as well as faulty maintenance on high voltage insulators.