The US Department of Justice wants to educate its contractors and military software buyers about malicious software that could infiltrate the country’s infrastructure.
Fearing nation-state attacks and cyberespionage attempts, the Pentagon has released a “Do Not Buy” software list that has been in development for approximately six months, writes Defense One. The list includes all software that does not meet “national security standards,” said Ellen Lord, defense undersecretary for acquisition and sustainment, and looks at companies with suspicious links to Russia and China.
US intelligence and officials from the Department of Justice have been working together to detect “certain companies that do not operate in a way consistent with what we have for defense standard.”
“We had specific issues … that caused us to focus on this,” Lord said in an interview.
“What we are doing is making sure that we do not buy software that’s Russian or Chinese provenance,” she said. “Quite often that’s difficult to tell at first glance because of holding companies.”
To ensure the list is as accurate as possible, the US Department of Justice is working closely with the Aerospace Industries Association, National Defense Industrial Association and Professional Services Council.
The names of the companies on the list have not been released; however, Kaspersky Labs and ZTE have already been placed on a ban list.
According to a report from the National Counterintelligence and Security Center, foreign governments have asked for access to the source code of software that US companies want to sell abroad, which may lead to vulnerability exploits.
“Recent Chinese laws—including laws on national security and cybersecurity—provide Beijing a legal basis to compel technology companies operating in China to cooperate with Chinese security services,” reads the report.