THE TRUMP ADMINISTRATION has put together a 'do not buy' list of companies that use software of Russian and Chinese origin, Ellen Lord, the undersecretary in charge of procurement in the Department of Defense, has admitted.
The Department has been working on the list for the past six months or so, following the federal ban on Kaspersky security software, signed by President Trump. The list has been compiled in conjunction with US intelligence agencies, according to Bloomberg.
"What we are doing is making sure that we do not buy software that is Russian or Chinese provenance, for instance, and quite often that is difficult to tell at first glance because of holding companies," said Lord.
"We have identified certain companies that do not operate in a way consistent with what we have for defence standards."
Lord didn't disclose which companies made its 'do not buy' list, nor whether the list might be shared outside of the US defence and security communities - with power and other critical infrastructure companies, for example. She hinted, though, that the Pentagon had some evidence backing up its move.
"We had specific issues … that caused us to focus on this," Lord said at a press conference on Friday.
The US Department of Defense has now started circulating the list to defence contractors, large and small, via a number of defence industry trade associations. "It's a huge education process," Lord said.
The list comes at the same time that governments across the world are starting to demand access to source code of software, whether packaged or embedded in hardware, citing their own security concerns. Last year, for example, IBM, Cisco and SAP were all compelled to open up their code to the scrutiny of Russia's intelligence service, the FSB, according to Reuters.
In addition, HPE revealed the source code for its ArcSight security product - widely used by the US military - to Russia's FSB.
Recent IT security laws in China also compel companies operating in the country to reveal their source code to the authorities.