U.S. Congress is hell-bent on making sure that foreign companies do not in any way infiltrate government software programs. And now tech companies could soon be forced to divulge if they have allowed foreign government agencies in countries like Russia or China to examine their software.
Congress has just passed a bill that will force software companies to disclose any foreign software probes as part of the Pentagon’s spending bill. The bill was published after Reuters discovered last year that some software makers had allowed a Russian defense agency to search for vulnerabilities in software used by U.S. government agencies, including the Pentagon and other intelligence services.
Lawmakers contend that such a practice could help Moscow or Beijing to discover vulnerabilities that they can use to exploit or attack the U.S. government.
The final version of the bill was approved overwhelmingly by the Senate in an 87-10 vote after the House gave its nod last week. President Trump is expected to soon sign it into law.
Selling Software to Foreign Companies
Software companies such as McAfee, SAP and Hewlett Packard have in the past allowed foreign government agencies to scour software source code as part of due diligence prior to purchasing. In most cases, the probes happened without any U.S. government agencies being informed.
But these companies have defended themselves by claiming that any source code reviews in the past have been conducted in company-controlled facilities with zero chance of the reviewers copying or altering any part of the code. HP says that none of its new generation of products has undergone such checks.
The disclosure mandate is the first of its kind that will see the Department of Defense create a searchable database that other government agencies can check and see which foreign states have examined what software. The database will also be available for public records requests, a pretty unusual step considering that we are talking about third parties gaining access to proprietary company secrets. Related: Tesla Short Sellers Just Took A $1.7 Billion Hit
Indeed, there are fears that the legislation might make software companies reconsider selling any software to U.S. government agencies. Tommy Ross, senior director at The Software Alliance, said software companies are likely to choose selling their products to foreign markets to evade strict controls back home.
Ross has highlighted the latest move by U.S. lawmakers as part of a worrying global trend where companies are closing down to the outside world in a bid to mitigate cybersecurity risks.
He might be spot on with his views, but the government’s clampdown could be a necessary evil.
The U.S. government has increasingly been cracking down on any potential cyber risks from Russia, going as far as banning all federal agencies from using any software used by Russia’s Kaspersky Labs. It’s alleged that Kaspersky officials collaborated with Russian intelligence agencies under government laws that allow agencies to request or even compel software companies to intercept communications transiting Russian networks. There was a risk that Kaspersky products could be used by the Russian government to compromise federal information systems that directly implicate U.S. national security.
Russia has been directly implicated in a number of highly aggressive cyberattacks, including a massive hacking attack that crippled Ukraine’s power grid in 2015 as well as the infamous Petya hacks that swept across large swathes of Europe.
The country’s role in U.S. 2017 elections is also still under investigation with social media companies including Facebook, Twitter and Google due to face Congress for another round of questioning come Sept. 5.
By Alex Kimani for Safehaven.com
More Top Reads From Safehaven.com