Pentagon Reveals "Do Not Buy" Software List
The security stand-off between the United States and Russia and China is set to intensify after the Pentagon revealed it has been developing a “do not buy” list of software originating from the two hostile nations.
The Defense Department’s acquisitions boss, Ellen Lord, told reporters that the list was begun six months ago in concert with US intelligence agencies.
As the name suggests, once a vendor is included on the list, their products will be boycotted by the Pentagon as a security risk.
However, drawing up the list has apparently not always been easy given that Beijing and Moscow are keen to hide the true origin of some companies.
"What we are doing is making sure that we do not buy software that is Russian or Chinese provenance, for instance, and quite often that is difficult to tell at first glance because of holding companies," Lord reportedly said. "We have identified certain companies that do not operate in a way consistent with what we have for defense standards."
Chinese telecoms firm ZTE and Russian AV firm Kaspersky Lab have been early casualties in an escalating Balkanisation of global technology flows.
Kaspersky Lab was banned for government use after fears of ties to Russian intelligence which it claims were never substantiated by lawmakers, while both ZTE and Huawei could yet face similar bans on their products if a defense authorization bill for fiscal 2019 passes Congress.
“It really speaks to cybersecurity writ large, which is one of our greatest concerns right now," Lord said. "This is a challenge for us in terms of how to deal with the industrial base, particularly small companies who don’t always have the resources."
Terry Ray, CTO at Imperva, argued that governments have always placed strict controls on foreign technology providers.
“It is common for the US government to scan software used in its environments for backdoors and other embedded code, or configurations that may allow hidden or previously unidentified connections, inbound or outbound to the technology,” he said.
“At the moment, I have not seen details on any new inspection processes which makes me think the technical review will utilize existing techniques. However, it’s important to note that other well-developed countries operate similarly and prefer to purchase and implement in-country or open source technology, in lieu of off-the-shelf products offered by the US or its allies.”
Source: infosecurity-magazine
Latest Jobs
-
- Google Cloud Data Engineer
- London
- Up to £90,000 Base
-
Google Cloud Data Engineer London Salary: Up to £90,000 Base We are currently working with a leading Google Cloud partner who are currently looking for a Google Cloud Data Engineer in London. The Google Cloud Data Engineer will be responsible for projects designing and implementing data cataloguing platforms using Google Cloud. Current Experience Required: Google Cloud (MUST be Google Cloud Professional Engineer Certified and worked on recent GCP/Google Cloud Projects). Data Analytics (Data Engineering, Data Mining, Data Cataloguing etc.) Cloud PUB / SUB Candidates must be UK based and commutable to London. Candidates outside of the EU can not be sponsored Apply for more information or call Peter Georgiou on 02086634030. Ref: PG7692
-
- Microsoft Azure Sales Consultant
- London
- Up to £100,000 Base + OTE
-
DCL are currently working on behalf one of the fastest growing service providers in London who are on the lookout for a consultative Microsoft Azure Sales Consultant. The Microsoft Azure Sales Consultant will be responsible for selling (opening and closing new business opportunities new business) and being the SME in all things Cloud providing support to other members in the sales team. Preference will be given to the Microsoft Azure Sales Consultant who possesses Exceptional knowledge of Cloud Technology (Public / Private / Hybrid.). Current experience with technology such as Azure, AWS, Office 365 is required Proven sales experience of identifying and closing new business within the Cloud market. Must be currently selling into the enterprise market. Consistency on tenure in current and past roles. New business background is a must In return you will be working for a successful, growing SME organisation with excellent training and sales support from pre-sales, post-sales, project management, service management, bid management, pricing and customer service. Candidates must be UK Based. sponsorship can not be provided for this role. Reference Number: BD7690 (Cloud Sales Jobs, Cloud Computing Jobs, Cloud Computing Sales)
-
- Senior Incident Cyber Response Consultant
- London
- Up to £75,000 Base
-
Senior Incident Cyber Response Consultant with Forensic experience is needed to join a global consultancy whose cyber business unit are continuing to their investment in the growth of their team. From my perspective, as a recruitment partner, this is a particularly interesting and exciting opportunity. Not only is the team in an active growth mode, but they have varied, high profile and interesting projects for their team. Globally recognised. This is an opportunity to drive and grow a career. Experienced Senior Incident Cyber Response Consultant is needed to help take clients through the complete IR / triage process. The position is be client facing and will be expected to engage with clients at a commercial level. Proactive IR planning is also key to the position. The Senior Incident Cyber Response Consultant will not hold a sales target, but any previous experience in identifying and generating revenue is highly sort after. A broad forensic background would be highly desirable also. An ideal Senior Incident Cyber Response Consultant will be CREST CCIR, CCIM certified. Experience with forensics is highly desirable. Any of the following are very desirable also CREST Certified Network Intrusion Analyst (CCNIA) CREST Certified Host Intrusion Analyst (CCHIA) CREST Certified Malware Reverse Engineer (CCMRE) CREST Practitioner Intrusion Analyst (CPIA) An individual must be London commutable Key attributes should also include; stakeholder engagement, mentoring of team members, a collaborative working style. Technical experience must include; demonstrable experience within cyber incident response, Forensic, cyber etc. Additional certifications could / should include GIAC certified (Intrusion analyst, incident handler, forensic handler) The opportunity for an individual to conduct malware research and analysis is actively promoted. Career development and the opportunity to influence, apply today for more information or call Chris Holt on 07884666351 or 02086634030 or email chris.holt@dclsearch.com Unfortunately, our client are unable to provide sponsorship for this opportunity. Candidates must be UK based. Ref: CH7679 (Incident Response Jobs, CREST Jobs, Digital Forensics Jobs, IR Jobs)
-
- Principal Electrical Engineer
- London
- Salary: Up to £90,000 Base + Bonus
-
Principal Electrical Engineer Location: London Salary: Up to £90,000 Base + Bonus A Principal Electrical Engineer is needed for a state of the art, London based Data Centre provider. The Principal Electrical Engineer will be responsible for all of the Mechanical & Electrical components (support, development/design etc.) within our clients Data Centre’s. Other responsibilities include but not limited to; Commissioning, approving, design & review/improvement of new data centre infrastructure Commercial’s (Contract negotiation, project finances etc.) Project management Training/Development of other staff General engineering tasks Requirements HND / Degree in Engineering or equivalent. Must have current/recent experience (ideally in a senior position) within a mechanical & electrical position within a Data Centre environment Candidates must be UK based and unfortunately, our client are unable to provide sponsorship Ref: PG7600 (M&E Jobs, Mechanical & Electrical Jobs, Engineering Jobs, Data Centre Jobs, Data Center Jobs)