The recent disclosure that Moscow co-opted the popular Russian cybersecurity firm Kaspersky Lab to aid its espionage efforts has highlighted the danger of relying on companies from adversary countries for the security of sensitive government systems. While the federal bureaucracy and Congress now are acting decisively to end American dependence on Russian-made software products, America’s national-security infrastructure has an even deeper vulnerability to address.

In 2014 McKinsey & Co. estimated that more than 50% of personal...