Pentagon Reveals "Do Not Buy" Software List
The security stand-off between the United States and Russia and China is set to intensify after the Pentagon revealed it has been developing a “do not buy” list of software originating from the two hostile nations.
The Defense Department’s acquisitions boss, Ellen Lord, told reporters that the list was begun six months ago in concert with US intelligence agencies.
As the name suggests, once a vendor is included on the list, their products will be boycotted by the Pentagon as a security risk.
However, drawing up the list has apparently not always been easy given that Beijing and Moscow are keen to hide the true origin of some companies.
"What we are doing is making sure that we do not buy software that is Russian or Chinese provenance, for instance, and quite often that is difficult to tell at first glance because of holding companies," Lord reportedly said. "We have identified certain companies that do not operate in a way consistent with what we have for defense standards."
Chinese telecoms firm ZTE and Russian AV firm Kaspersky Lab have been early casualties in an escalating Balkanisation of global technology flows.
Kaspersky Lab was banned for government use after fears of ties to Russian intelligence which it claims were never substantiated by lawmakers, while both ZTE and Huawei could yet face similar bans on their products if a defense authorization bill for fiscal 2019 passes Congress.
“It really speaks to cybersecurity writ large, which is one of our greatest concerns right now," Lord said. "This is a challenge for us in terms of how to deal with the industrial base, particularly small companies who don’t always have the resources."
Terry Ray, CTO at Imperva, argued that governments have always placed strict controls on foreign technology providers.
“It is common for the US government to scan software used in its environments for backdoors and other embedded code, or configurations that may allow hidden or previously unidentified connections, inbound or outbound to the technology,” he said.
“At the moment, I have not seen details on any new inspection processes which makes me think the technical review will utilize existing techniques. However, it’s important to note that other well-developed countries operate similarly and prefer to purchase and implement in-country or open source technology, in lieu of off-the-shelf products offered by the US or its allies.”
Source: infosecurity-magazine
Latest Jobs
-
- Healthcare Business Development Manager
- London
- Up to £60,000 Base + UNCAPPED Earnings
-
Healthcare Business Development Manager We are currently working with a multi-vendor IT solutions provider who are looking for a Business Development Manager who will be responsible for selling into the Healthcare Industry in a new business focussed position. The Healthcare Business Development Manager will have Current/Recent experience working for an IT managed services business/solutions provider. Experience delivering £150,000+ GP a year Current/Recent experience winning new healthcare accounts (all accounts won are kept) Flexible working is provided and also uncapped earnings. Apply for more information or call Peter Georgiou on 02086634030. Unfortunately, our client are unable to provide sponsorship so candidates must be UK based (commutable to London). Ref PG7577
-
- Cyber Incident Response specialist
- London
- Up to £75,000 Base
-
Cyber Incident Response specialist is needed to join a global consultancy whose cyber business unit are continuing to their investment in the growth of their team. The Cyber Incident Response specialist role is client-facing that will join an award-winning team that deliver varied, interesting and often challenging work to a wide range of prestigious clients. The Cyber Senior Incident Response MUST have current experience taking a client through the complete IR / triage process and have a blend of both technical and commercial (identifying and developing new business opportunities within a client) Proactive Incident response, forensics and Ediscovery experience is a MUST. An individual must be London commutable and happy to travel, often internationally. Key attributes should also include; stakeholder engagement, mentoring of team members, a collaborative working style. Technical experience must include; demonstrable experience within an cyber incident response, Forensic, cyber etc. Additional certifications could / should include GIAC certified (Intrusion analyst, incident handler, forensic handler) Any of the following are very desirable also CREST Certified Network Intrusion Analyst (CCNIA) CREST Certified Host Intrusion Analyst (CCHIA) CREST Certified Malware Reverse Engineer (CCMRE) CREST Practitioner Intrusion Analyst (CPIA) Career development and the opportunity to influence, apply today for more information or call Chris Holt on 07884666351 or 02086634030 or email chris.holt@dclsearch.com Unfortunately, our client are unable to provide sponsorship for this opportunity. Candidates must be UK based. Ref: CH7578
-
- Sales Engineer (Telecoms, Ethernet, SDH, MPLS, IP)
- Paris
- Up to €75,000 + Commission
-
Sales Engineer / Presales Consultant is needed for this Global Tier 1 carrier. You will be working with Enterprise customers helping to design solutions that solve your their business needs. You will be responsible for working alongside sales providing presales technical consultancy around my client's solutions base. You will be responsible for providing support for new business opportunities in terms of responding to RFIs & RFPs, understanding customer network requirements, high-level network architecture & design (including supplier selection on a global basis) and technical handover to network implementation teams. This is a great opportunity to join a global player who are growing their France based teams. You will require a successful track record in the telecommunications arena ideally from a global tier 1 ISP or network provider, with a demonstrable track record in designing complex enterprise solutions. A Sales Engineer needs to be technically astute and has had experience in the design, presentation, and implementation of Wide Area Networks (WAN). They need to understand a range of Layer 1, 2, and 3 technologies (Ethernet, SDH, MPLS, IP, etc) and build a solution based on the best technology to meet a customer’s requirements. In addition, they should have an understanding and experience in supplementary telecommunications services such as VoIP, Video Conferencing, Cisco and Riverbed hardware, and Security If you have any questions about this role, give us a call on 0044208 663 4030 or contact/send your CV to robert.anderton@dclsearch.com Ref: RA7275
-
- Partner Manager (Network and UCC Services)
- Germany
- Up to €100,000 plus €60,000 OTE, car allowance and benefits
-
We are looking for an experienced Partner Manager / Channel Manager to work for a global service provider to sell their Global SIP and Network Services to Enterprises and corporates through the partner market. This is a hunter role, and looking for an experienced salesperson who has knowledge of selling to and through the SI, Cisco and Microsoft Resellers. You will be responsible for Own and formulate a Sales and execution plan to get to quarterly targets Generate Leads from the partners Work with the Partner salesperson to help close deals. Acquire new partners and Deliver Quarterly numbers through the partners Work with Partner Marketing to create and run joint Partner plans/events to drive sales You will need to have experience in selling at least one of these services, global SIP, UCC and SD-WAN into and through the channel of, European Sis, Cisco or Microsoft resellers. Hunters who can identify key decision-makers in the targeted accounts Should be credible for partner to trust the person with leads and opportunities Drive to work through leads to closure along with the partner salesperson Ref: RA7277