Pentagon: We’ll Keep Buying Software That Russian Spies Have Looked Through

By Patrick Tucker

October 5, 2017

In June, Reuters reported that several defense contractors, including IBM, Cisco, and Germany’s SAP, had allowed the FSB to inspect key aspects of the source code for various software products. In October, Reuters added to the list an HP Enterprise product called ArcSight, described as “a cybersecurity nerve center for much of the U.S. military, alerting analysts when it detects that computer systems may have come under attack.” Reuters quoted a former senior Commerce Department official saying, “It’s something we have a real concern about.”

Concerns aside, the Pentagon says there was no specific policy or rule to prohibit buying consumer-off-the-shelf equipment or products inspected by the FSB. Pentagon spokesman Army Maj. Jamie Davis said the Defense Department would address concerns about FSB-scanned products in accordance with its 2012 policy on software trust issues: DoDI 5200.44, or the Protection of Mission Critical Functions to Achieve Trusted Systems and Networks.

“There is no plan at this time for a review or investigation, and there is also no plan at this time to require that contractors reveal the source code they have shared,” Davis said.

Patrick Tucker is technology editor for Defense One. He’s also the author of The Naked Future: What Happens in a World That Anticipates Your Every Move? (Current, 2014). Previously, Tucker was deputy editor for The Futurist for nine years. Tucker has written about emerging technology in Slate, The Sun, MIT Technology Review, Wilson Quarterly, The American Legion Magazine, BBC News Magazine, Utne Reader, and elsewhere.