US sanctions on Russia could have certain downstream effects for US security buyers.
The US and many nations have imposed sweeping and severe sanctions on Russia after it invaded Ukraine. These sanctions could have certain downstream effects for US security buyers.
Asmag.com recently spoke to Brian Schwab, Founder and Principal Consultant of S3SDC and partner at eSRX, to understand the extent of these effects. Here we present the physical, security, cyber security, and supply chain impacts in detail.
Also read: War in Ukraine: What it means for physical security
Impact of sanctions on physical security buyers
This category includes video surveillance equipment, access control, intrusion detection equipment, etc. The current sanctions list prohibits the export of advanced, dual-use technology to Russia. This will seriously curtail that country’s ability to produce physical security components or equipment of any value for export purposes. But the impact will not be the same for buyers in the US.
“When analyzing the overall global physical security equipment market, in my opinion, Russia does not produce any equipment in this area that is qualitatively or technologically distinctive from any other global producer,” Schwab said. “Generally speaking, physical security equipment, or components thereof, are what economists call “substitutional goods.” This means that given price and availability, a consumer can simply switch from one equipment manufacturer to another and still be able to meet their immediate security needs with little noticeable loss in quality.”
That said, Russia is not a major global market player in equipment production. Most of the top physical security equipment manufacturers are in Asia, western Europe, and the Americas. The market for Russian physical security goods in the US is already minuscule, and these sanctions may not have any noticeable impact on US buyers in sourcing products.
More impact on cybersecurity
Any tangible impact of the sanctions is likely to be felt in the cyber security realm. The COVID-19 pandemic transformed the everyday work environment making telecommuting or remote work the new norm. Online communication devices and info sharing platforms (such as Zoom, Teams, and Dropbox) have become extremely popular.
This has increased the number of potentially vulnerable devices and network connections, resulting in a sharp rise in the number and type of potential threats US businesses and other organizations face.
“One major Russian cyber security firm, Kaspersky Labs, has already said it will be unaffected by the sanctions and that it will fulfill its contracts and obligations to international customers and partners,” Schwab continued. “This seems to be because Kaspersky opened a security network data center in Zurich, Switzerland, to handle information voluntarily shared with users in North America, Europe, and Asia.”
This allows Kaspersky to mollify any concerns that Russia can exploit data, with or without the company’s cooperation or consent. Yet, Kaspersky’s sales in the US market were flat in 2020 and were estimated to have increased by 2.8 percent in 2021.
Any specter of doubt in the minds of many US security buyers, already cautioned by the 2017 National Defense Authorization Act and actions taken by the US Department of Homeland Security that same year, will likely have already caused many to switch their service provider to a non-Russian organization.
Cybersecurity threats also impact buyers
A second-order effect of the sanctions would be hacktivist or state-sponsored cyberwarfare activities aimed at disrupting business activities, compromising data, and other nefarious activities conducted on behalf of the Russian state.
“This is where I would anticipate the largest financial impact to US security buyers will likely be seen through an increase in costs associated with data protection measures,” Schwab said. “However, with increasing ransomware attacks over the past few years, many US firms have already begun to move in this direction. As such, the second-order effect of implementing these security activities may already be factored into these US firms’ acquisition process and not as much of a heavy lift as one may at first think.”
For those who have not switched but remain committed to using one of several large data analytics firms of Russian origin or location, there are legal issues that must be measured and assessed as part of those firms’ Enterprise Security Risk Management process.
This will likely require US buyers to assess their contracts with these Russian firms to determine whether force majeure measures exist, whether these protections would apply
(i.e., the undeclared war Russia launched may not be included under force majeure provisions), and how any potential risk of data exposure, compromise, or loss may impact the US company’s downstream clients.
If force majeure is not viable, protections may be available under “Restatement of Contracts,” which would allow cancellation of existing contracts due to either supervening impracticability or frustration of purpose. While these will not protect against possible misuse/abuse of data these Russian firms maintain, they will provide some measure of legal protection if data is breached or maliciously compromised.
Impact on the supply chain
Russia plays a small but essential role in supplying specific raw materials used to create security- and defense-related equipment. Russian raw materials, such as titanium, are integral parts of defense and aerospace equipment.
“However, many US firms had begun to diversify their raw materials suppliers following the 2014 Russian takeover and annexation of Crimea,” Schwab pointed out. “Firms may now begin to look to China to pick up the slack, but this is not a guaranteed way to eliminate supply issues caused by sanctions, given the trade war between the US and China that began during the Trump Administration as well as the growing Sino-Russian “strategic partnership.”
Conclusion
In short, Russia’s penetration into the US security market was limited even before this war started. Given Russia’s lack of market share, it is unlikely that US security buyers will see a significant impact from the sanctions imposed on Russia in the wake of its invasion of Ukraine.
The real impact will likely be a drop in immediate supplies of raw materials needed to create security-related equipment and devices. This will potentially cause short-term shortages that will increase prices and the availability of some equipment. However, as new raw material sources are developed, this is likely a short- to mid-term impact only for US buyers.
Finally, US firms will have to assess their existing contracts with Russian firms to protect themselves legally. While this is a time-consuming process in itself, US firms may also experience a corresponding increase in cyber security spending above pre-invasion levels to protect themselves against anticipated Russian cyberwarfare and other state-sponsored malicious hacking activities.