[ad_1]
The US Department of Defense revealed that it was distributing a list of foreign software providers that it wanted to avoid to the military and its suppliers.
The news arrives a few days after a US government report on cyber espionage from China, Russia, and Iran, software supply chains are increasingly under attack.
Due to "specific problems", the Pentagon circulates a list of non-shopping software "National Security Standards", without giving specific details, reports the information site Defense One.
"What we are doing is making sure we do not buy Russian or Chinese software," said Ellen Lord, undersecretary.
The list, which was launched six months ago, aims to make clear to all those involved in the purchase of military software and its subcontractors which software has links with the Russia and China. the links are not always obvious due to the use of several companies holding .
In early July, a report by the British government raised concerns about the deficiencies in the engineering processes of the Chinese company Huawei that could jeopardize the UK's telecommunications networks.
Although the capacity of the Huawei Cybersecurity Assessment Center (HCSEC) has improved in 2017 and the technical work relevant to the overall mitigation strategy can be carried out on a large scale and high quality, the report states that the supervisory board can provide "only a limited guarantee" that all risks to the UK's national security report comes only three months after the National Center for Cybersecurity (NCSC) advised UK telecommunications sector to avoid the consequences of Huawei's participation in the critical networks of this country.
the use of equipment and services ZTE in China.
According to reports, the Pentagon works with the Indian Association. US Aerospace Utilities, the National Defense Industrial Association and the Professional Services Board to alert all contractors in the military supply chain about software providers identified as risky by the Pentagon and the US intelligence community.
The report recently published by The Foreign Economic Espionage in Cyberspace of the National Counter Intelligence and Security Center (NCSC) warns that the infiltration of the chain of custody. Software supply has already threatened the critical infrastructure sector According to the report, this infiltration is done in various ways, including through Chinese investments in US technology companies that work in artificial intelligence, through computer services. foreign intelligence that uncovers vulnerabilities to exploit. while they are looking at the source code of US companies asking to export software to Russia and China, and by operators injecting malicious code into the software before distribution.
The US Department of Defense. it introduced a set of standards for defense providers scheduled to meet last January, but was forced to backtrack when suppliers declared that they could not meet those standards.
Lord admitted to reporters that the Pentagon had "softened" some of his demands, but said that this should change and that the requirements should increase in the future, adding that the Pentagon planned to launch a " Red team "defense providers to test their position. In the UK, the Ministry of Defense continues to develop a joint initiative with the industry to enhance security throughout the UK defense supply chain, in particular in the UK. putting more and more emphasis on small and medium enterprises (SMEs).
"The Ministry of Defense supply chain includes a wide variety of organizations as materials manufacturers, infrastructure providers and product manufacturers, but cybernetic threats to the chain are real and the National Cybersecurity Strategy recognizes this, "said Phil Blunden of the Defense Ministry's Cyber Defense Protection Society (DCPP) at the 2018 Public Sector ICT Summit in London
Johnathan Azaria, security researcher at Imperva, said the news of the Pentagon's "do not buy" list is not surprising considering that some software made in China was sent with malware ready to to be used.
"The potential threat of such software goes from unintentional security issues that have not just been fixed. Bidder We hope the news on this list will urge manufacturers to put more emphasis on product safety, "he said.
Source link