Please note that we're still discussing this change. We work out in the open so you can see us working on it. I hope that people appreciate the difference between that and what you would see in a non-transparent company (probably nothing, they would just not open up a vacancy in the offices in that country).
Additionally would this extend to individuals who are of Chinese or Russian origin? China in particular leans on nationals who are on visas or have family still in country to conduct espionage operations.
Discriminating on origin is likely illegal.
It sounds like you just need to harden your production perimeter. Jump boxes with two-man-rule access and terminal logging. Apply the same practices to data as you do code.
> Discriminating on origin is likely illegal.
You should ask your legal folks about the national security exceptions of Title VII. It sounds like your customer requirements are pushing you in that direction anyway.
The reason this is viewed from a US legal perspective is because we are a US company so we are governed by US laws.