May 2009 Archives

Obama's major election promise of changes to the U.S. Tax Code that, among other things, would remove tax deductions for companies that take jobs overseas, may have many supporters among US tax payers. But India, the country that has grabbed the biggest chunk of the US's IT outsourcing pie, is strongly reacting to that proposal, and is lobbying hard in the US to convince authorities that any such protectionist move would not only have serious connotations for India, but would also mean loss of opportunities for American giants.

And playing ball with India are at least two American IT giants, Microsoft and Cisco, as well as international business strategists like Robert Kennedy of University of Michigan's Ross School of Management.

The first international push-back against this proposal has come from none other than the NASDAQ-listed Infosys, the country's poster-boy software services provider. In its annual filing with the US Securities and Exchange Commission, Infosys said that Obama's proposal, "may adversely impact our [Infosys' and thus Indian IT industry's] ability to do business in the jurisdictions in which we operate, especially with governmental entities."

Indeed, ever since Obama made that announcement, India has been losing sleep over how that move, if enacted into a law, could impact India's money spinning outsourcing industry that earns annual revenues of about $72 billion, $47 billion of which is from exports. Of that figure, 60 percent comes from the United States.

But instead of cribbing over how that proposal if turned into a law would hit Indian IT companies, the industry has adopted a clever stance of harping on how the US giants would be hit harder than their Indian counterparts.

Thus, the argument that the industry is putting forward is that some of the biggest beneficiaries of outsourcing are not really foreign IT companies but actually US' Microsoft, HP and General Electric, to name just three.

Any hurdle created for outsourcing would result in much higher wages that would inflate their costs and thus, damage competitiveness in the long run for a few short-term benefits.

"That will hardly achieve the proposal's stated purpose," said a source from NASSCOM, the Indian IT industry's apex trade body, requesting anonymity. "And it will not be good for the US economy either."

Microsoft's, CEO, Steve Ballmer agrees. In a reaction to the Indian media on Obama's proposal Balmer said, "the [US} government will also have to be thoughtful because there are unintended consequences: will their actions create jobs in the US, or will they tend to drive even more jobs out of the US. In general, business is saying this is not a good thing."

Cisco, on the other hand is blatantly critical. Spokesman John Earnhardt (as quoted in UPI), said that "if rules are changed on tax deferral and we are taxed in the (United States) on non-U.S. profit, this significant additional U.S. tax would adversely impact our ability to invest and grow our business in the United States and to compete against our foreign competitors who are not subject to this U.S. tax."

Of course if these giants start sneezing, Indian IT companies could catch a cold too. That is because even Indian companies, both IT and some others, get a lot of business outsourced from these companies. Perhaps these companies will have to start looking at other parts of the world as well as inwards; that is developing the local markets.

But that may be good news according to Karthik Shekhar, the secretary general of Unites Professional, the fledgling but fast-growing information technology labor union in India.

"Although it is impossible to stop outsourcing no matter what hurdles is put in its way; if it saves costs, US companies would not be deterred by higher taxes. But in way the proposal could be a blessing in disguise for the Indian IT sector," he says. "The Indian IT sector depends too much on US. It is time that the industry starts looking elsewhere and develops other markets."

Meanwhile according to Robert Kennedy, even if Obama's proposed changes makes it slightly less attractive for US firms to operate abroad, and puts them at a disadvantage compared to non-US firms, tax saving is a very minor issue.

The major reasons for going offshore include, he says, labor cost savings, access to better skills, access to advanced delivery platforms, etc., and tax treatment doesn't even make to the top ten reasons.

This why, off-shoring will continue and these proposed changes will have little or no effect, says Kennedy.

Here is some good news - or at least not so bad news - and some bad news. In the last year, malicious activities over the Internet have declined in the U.S. And the country is no longer the number one destination for cyber criminals when it comes to attacking government computer networks: China's government computers are now the top focus of cyber criminals these days.

But the bad news is that in terms of general malicious activities, the U.S is still the country that generates the highest numbers of cyber crime attacks. And the nature of these attacks is shifting. Data breaches and theft is getting increasingly dangerous, especially for governmental and critical infrastructure organizations.

What's more; attackers are not only getting smarter in beating many of the sophisticated defense mechanisms, they are also diversifying their range of threat options. And in some cases, they are even expanding the reach of their operations.

These are the highlights of Symantec's Government Internet Security Threat Report just released, which said that the U.S. has not only remained the top country for overall malicious activity in 2008. It was also ranked first for a number of categories within this, including for malicious code, phishing website hosts, and originating attacks.

According to the report, attacks on government computer networks in U.S. that resulted in  compromised or stolen information increased by 40 percent from 2007 to 2008.

As in the previous year, the most common attacks targeting government organizations in 2008 continued to be denial-of-service (DoS) attacks.

This is a cause for worry because it puts much of the critical infrastructure performing essential functions at risk to attackers who might choose to exploit such essential functions.

For instance a DoS attack on the transportation sector's network can siphon off funds, as well as cause large-scale disruptions in the services.

The second most common type of attack against government networks is what has been the biggest target of all criminals; Simple Mail Transfer Protocol (SMTP), or emails. The report fears that criminals have acquired the ability to spoof government communications to obtain credentials to launch further attacks. Consequently, such attacks have also acquired the power to compromise the integrity of information and communications within governments.

One important and rising area of concern to governments is the increasing use (and capacity) of removable media. "Many organizations lack effective security measures to protect against such dangers," said the report.

For instance, 59 percent of employees admitted to taking company information--such as email addresses, contact information of customers, employee records, and financial records--when leaving the organization. Of those, 11 percent admitted to taking data, 53 percent downloaded information onto a CD or DVD, 42 percent took data using a USB drive, and 38 percent sent attachments to a personal email account.

Nevertheless, for attacks specifically targeting the government sector, 2008 marked the first time that the United States was not the top country of origin. Here again, the U.S. was surpassed by China, which ranked first as the source of attack with 22 percent of the attacks on the government sector. (For U.S. the figure was 12 percent).

China also had the second highest total for l worldwide malicious activity in 2008, accounting for 9 percent; this is a decrease from 11 percent in the previous reporting period.

The reason for this is simple; along with the fact that China has the most broadband subscribers in the world, the amount of time spent online by users there makes the country lucrative for malicious attacks.  "The longer a user is online, the longer the computer is exposed to malicious attack or compromise, and Internet users in China spending more of their leisure time online than users in any other country" said the report.

According to Mark Fossi, the report's author, although profit is often a motive behind the attacks targeting governments, because "governments store considerable amounts of personal identification data," political gains sometimes supersede profit as the dominant motive.

 "Government databases store information that could attract politically motivated attacks, including critical infrastructure information and other sensitive intelligence," said the report.

The report is an eye opener on a common belief that attacks on government computer networks particularly in countries such as the U.S., India and Belgium, originate, almost always, from China.

Symantec's research has revealed that attackers often attempt to obscure their tracks by redirecting attacks through one or more servers that may be located anywhere in the world. This means that the attacker may be located elsewhere than the country from where the attacks appear to originate.

Similarly, malicious activity originating in the U.S. may not necessarily mean it is initiated by attackers located in the US. "Frequently attackers will connect through multiple computers in geographically diverse locations before connecting to the computer launching the attack," says Fossi. "Because of this it's difficult to pinpoint the actual geographic location of the attackers themselves. Rather we are only able to see the computer launching the attack, hosting the phishing website, and seeing malicious code infection attempts."