Pentagon Creates 'Do Not Buy' List of Russian, Chinese Software

An anonymous reader quotes a report from Defense One: The Pentagon is warning the military and its contractors not to use software it deems to have Russian and Chinese connections, according to the U.S. Defense Department's acquisition chief. Officials have begun circulating a "Do Not Buy" list of software that does not meet "national security standards," Ellen Lord, defense undersecretary for acquisition and sustainment, said Friday. The Pentagon started compiling the list about six months ago. Suspicious companies are put on a list that is circulated to the military's software buyers. Now the Pentagon is working with the three major defense industry trade associations -- the Aerospace industries Association, National Defense Industrial Association and Professional Services Council -- to alert contractors small and large. Lord said defense officials have also been working with the intelligence community to identify "certain companies that do not operate in a way consistent with what we have for defense standard." Asked if programs and weapons were compromised by foreign software, Lord said, "These are more widespread issues. I don't think we're focused on one particular system."

Re:

[macraig]

It was a reference to Game of Thrones, idiot.

Re:

[macraig]

I wouldn't know such detail... I stopped watching after the first season when it became obvious it wasn't going to be escapist enough for me.

Re:

[Anonymous Coward]

It’s not a wall, it’s anti-hacking by a foreign government. This is long overdue basic digital security for military secrets.

Long overdue and still too relaxed.

Re: you ignorant slut!

[Anonymous Coward]

We just got hacked by the Russians and now you whine like a bitch when the government actually does something about it?

Are you fucking stupid or a Russian bot?

Re:

[Guy On A Sybian]

Recall, from another Defense One [defenseone.com] article, the Russians are using every trick possible to gain ground in cyber warfare. One of their biggest fronts is finding and not disclosing software vulnerabilities. This means that you don't even have to actively install Russian software for them to potentially be able to get into your computer.

I am a security analyst and recently took a trip to Russia. There are a lot of jobs [freelancer.com] out there. And they pay well. The Russians are looking for every way to "hook" into American

Re:

[Oswald McWeany]

When has a wall ever stood the face of time.

The Romans built a wall around my home town of Chester, large parts of it are still there... granted it has been repaired, and maintained, with parts rebuilt over the years.

The Chinese built long stretches of wall centuries ago that are still standing.

Walls can last a long time if properly built and maintained... the question is- is it smart to build the walls in the first place? In the 21st century a wall isn't very much of a barrier anymore.

Re:

[currently_awake]

America was built on unrestricted immigration. The huge waves of immigration was essential in invading the existing countries of North America and exterminating their citizens. Also the Apollo program, the Manhattan project, and the space shuttle were designed by immigrants.

Re:

[BrianMarshall]

And Albert whatsisname was an immigrant, and he turned out to be a pretty good physicist.

Free immigration

[Anonymous Coward]

This was all before the welfare state.

Re:

[Alypius]

Citation needed. We have always had legal immigration. Please cite your sources for the undocumented immigrants that contributed to the Apollo and Manhattan projects.

Re:

[drinkypoo]

Immigrants actually add value to the American economy, so it's not clear what you're on about...

Re:

[johanw]

What value? More profit for the CEO's because they keep the wages low?

Re:

[stealth_finger]

What walls can we build next? Oh, right: 200-foot walls along all our borders to keep the monsters and zombies at bay....

Which was a campaign promise, which a lot of people want, which would help us economically, and which should be at the very least debated without rancor.

Show us how unrestricted immigration will benefit us and we'll listen.

Debate by insult is not debate.

Show how the wall will benefit, and also while you're at it show how every country without one (so basically every country) has unrestricted immigration. How is the wall coming though? Because you're right, it was a promise, is Mexico still paying?

Re:

[cascadingstylesheet]

Show how not building a wall is the same as unrestricted free-for-all access to all and you are a genius ... but you can't, because you and your "arguments" are dog shit stupid.

Winning friends and influencing people, I see.

Re:

[drinkypoo]

If you had a valid argument you'd make it instead of crying about how you're being treated. You know who has a valid reason to cry? Asylum-seekers fleeing political situations created in large part by American greed, especially when our government kidnaps their children and locks them in cages.

Re:

[mnemotronic]

So far the only arguments against the wall have been a constant stream of infantile, verbal filth and absolutely zero reasoning or fact.

Does a pretty good job solidifying Okian's stance.

Fixed fortifications [wikiquote.org] are a monument to the stupidity of man -- General George S. Patton

Re:

[Anonymous Coward]

There are longstanding US immigration laws and policies. The laws were in place way before Trump was ever elected. All he has done is push for existing laws to be enforced as written. And the way in which people have been detained and separated from their underage children is the direct result of enforcing laws already on the books. Laws and policies that were put into place by the Legislative branch not the Executive branch. Those eager to dump the consequences of those laws are now basically arguing anyon

Re:

[Alypius]

DACA was initially rejected by POTUS as beyond his authority. But he saw the flagging numbers in the 2012 election and did it anyway, knowing that court challenges would be resolved after the election. There are already conditions for declaring asylum [uscis.gov] but hey, what are a few bribes to stand in the way of vote-seekers who try to ensure a permanent underclass? [washingtonpost.com]

Hey, Russia - if you're listening,

[Anonymous Coward]

Hey, Russia - if you're listening - put all Microsoft products on that list.

Re:Hey, Russia - if you're listening,

[Anonymous Coward]

Global (outside of US) "Do Not Buy" List":
* Microsoft
* Apple
* Google
* Facebook (and other "Social Media"
* Alexa / Cortana / next name "active" "smart" speaker/mic
* "Cloud" services with any US-based nexus.

Software you can trust!

[Anonymous Coward]

Great to know, a list of software that doesn't contain US government sanctioned backdoors. If the Pentagon doesn't like it, then you can be 99% sure it values your privacy and doesn't harvest your private data.

The irony, is that i might sound like a troll, but this is the truth.

Proprietary software is untrustworthy.

[jbn-o]

Great to know, a list of software that doesn't contain US government sanctioned backdoors. If the Pentagon doesn't like it, then you can be 99% sure it values your privacy and doesn't harvest your private data.

Actually the irony is that you can not be sure of that at all precisely for the same reason we can not trust so much of the software on and off this Pentagon list. Your post is currently moderated as "Interesting" but would be better moderated as "Funny" because it might be a joke, but it certainly is

Re:Software you can trust!

[drinkypoo]

"If the Pentagon doesn't like it, then you can be 99% sure it values your privacy and doesn't harvest your private data."

False. All it means is that it doesn't hand it to US intelligence agencies.

Re:

[Anonymous Coward]

And you care why? Are you fighting the Chinese? I'm sure the Special Forces guys are all atremble because the Chinese have their fingerprints! OMG! Maybe they have fingerprint seeking bullets too!

I feel much less threatened by spy establishments of other countries having my data than my government. Why?

I'm not a defense contractor with secrets to steal. I'm just an everyday Joe like the vast majority of Americans. Those spy organizations are never going to bother with me.

My government, on the other hand, co

Re:

[johanw]

No it won't. The deep state is not fond of Trump, he has not (yet?) started a single war in 2 years. They counted on Hillary for their income.

Re:

[PhrostyMcByte]

Man, way to bring me back to /.'s hayday. All we need now is for Netcraft to confirm it.

Re: Sensible precautions.

[that this is not und]

Windows 98 sux. Run Red Hat 4.3 instead.

Re:

[93 Escort Wagon]

Man, way to bring me back to /.'s hayday. All we need now is for Netcraft to confirm it.

... and a Beowolf cluster of Natalie Portman’s hot grits.

"Do Not Buy'

[beep54]

A perfectly reasonable idea that will be used for all the wrong reasons. So, standard operating procedure, I guess

Good Idea

[burni2]

Because the current behaviour of Russia and China isn't very friendly to say the least, it's very aggressive. And with such a whimp as a president who just needs to hear the magic words and he will give you the droll lock and roll over for Putin like a pet for his owner.

And please don't compare the behaviour of Russia or China to US-Israel-stuxnet. On the one side nobody in his right mind wants to have a nuclear armed Iran and on the other the action taken was precisely directed towards one goal, uran enric

US & Israel are always the GOOD GUYS?

[Anonymous Coward]

US & Israel are good, always good, and will be good forever.

On the other hand, China & Russia are bad, always bad, and will be bad forever.

Stuxnet is good, but anything coming out of China / Russia is bad.

Is that what you are saying??

Re:

[110010001000]

Where would you rather live: USA or Israel or China or Russia. There is your answer.

Re:

[110010001000]

Then don't. Musk will take you to Mars with him.

Re:

[110010001000]

I never mentioned politics. You didn't answer my question.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[drinkypoo]

In the US the politicians are elected.

Presidents are selected, not elected.â â Franklin D. Roosevelt

Re:

[currently_awake]

The reason that America is attacking Iran is because Saudi Arabia pays well to attack their enemies. And the US Government will happily overthrow a democracy with a good human rights record at the behest of a terrorist spawning (Taliban, ISSIS) oppressive dictatorship any day of the week.

Re:

[DavidHumus]

> ...don't compare the behaviour of Russia or China to US-Israel-stuxnet.

The attack that legitimized cyber-war, for which the most vulnerable country is the US, and which did not significantly slow down Iranian uranium enrichment for very long ( https://www.tandfonline.com/do... [tandfonline.com] ) ?

It is 2018

[110010001000]

Wait, it is 2018 and this list didn't exist already???

No mention yet ... had to do something

[Hognoxious]

Maybe they had trouble finding it because systemd didn't mount the drive correctly?
 

Includes ...

[CaptainDork]

Facebook, Instagram, Twitter, Snapchat, Whatsapp, and other social media platforms that foreign countries contaminate with ad-buying.

Re:

[JustNiz]

You really believe its ad=buying that is the danger here? Like the data from social media platforms isn't already being freely handed to and abused by at least the US government?

Re:

[CaptainDork]

You're talking about scraping personal data.

I'm talking about stirring the pot.

Where's the ...

[CaptainDork]

... list?

Re:Where's the ...

[l0n3s0m3phr34k]

This article [telesurtv.net] says "The list identifying these companies will be made available to Pentagon's acquisitions staff, she further pointed out, without providing any further details." So, I'm assuming the list isn't finalized yet. TFA says "Now the Pentagon is working with the three major defense industry trade associations — the Aerospace industries Association, National Defense Industrial Association and Professional Services Council — to alert contractors small and large." My guess is that once it's formalized it will be released to the companies that are members of those associations first.

Re:

[Shikaku]

I was curious what the list contains but it seems it doesn't exist yet. Darn.

Re:

[dcw3]

The list should never be "finalized". It should be constantly updated.

Re:

[AHuxley]

Could be a few AV companies that found NSA efforts and big telco brands.
The US does not want to list the holding companies it knows about.

All proprietary software

[Stormwatch]

Proprietary software cannot be trusted. It must always be treated as potential spyware. Only free-as-in-freedom software can be allowed for critical tasks.

Re:

[Anonymous Coward]

This. One thousand times this. Even the CFR 21 part 11 requires it (though the FDA won't admit it).

Free as in freedom software is critical to the future of humanity.

Stuff like this clearly demonstrates that.

Re:

[johnsie]

Nothing to stop someone throwing a few lines of extra code into an open source product before compile time.

Re:

[Bert64]

Except that person needs to be present at compile time, which doesn't work if you are compiling it yourself or (more likely in the case of governments) having a central national body compiling the code for use by the various agencies in that country.
Downloading someone else's precompiled binaries is only marginally better than someone else's precompiled proprietary code, although there are usually several options you can choose from at least.

Re:

[Whibla]

No software should be 'trusted' for critical tasks*. All software should be treated as being potentially compromised.

Here's a recent example [bleepingcomputer.com] that highlights this point.

Creating and maintaining a 'do not use' list is an obvious way to eliminate the low hanging fruit, but it's by no means sufficient.

That being said, like many others, I'm going to agree that not only is this not really news, because it contains nothing new and no real information, this announcement is actually tantamount to propaganda and noth

Re:

[Anonymous Coward]

No, Russia has engaged ISIS at the request of the UN recognized government of Syria. The US is not welcome in Syria because it was supporting terrorists whose stated goal was overthrown of the UN recognized government of Syria.

Re:

[Bert64]

Nonetheless they are the recognised government of syria, and there are many other governments around the world doing terrible things to their own people.
And the syrian government has sufficiently powerful allies (ie russia) that you cannot go and invade them directly.

Re:Part good and part stupid

[bongey]

Good little Chinese propaganda troll. China is many,many,many times more of threat than Russia.

Re:

[pots]

Is there some reason why we need to have a competition here? Russia's a little ahead of China in terms of an individual assuming dictatorial power and taking direct action to influence Western democracies. China is a little ahead of Russia in terms of controlling information and maybe slightly ahead in seizing foreign territory. Can we not just agree that they both have merit? Can't that be good enough?

Re:

[AnthonywC]

A pathetic comment like this get voted this high; come on slashdot have you really sink this low? Are there that many ignorant and hateful Americans on here?

Re:

[Jzanu]

It is absolutely disturbing. Slashdot has fallen so far it is now a cesspool compared to its origins as a site where educated people could interact.

Re:

[Jzanu]

How wrong [china-un.ch] you are about everything! Especially notice this quote "China has been a united multi-ethnic country since ancient times.", the numerous recognized minority groups listed previous to it, and the detailed history of cooperation that follows it. China's goals are peace for the sake of trade, and if you look at China's actual history it even declined invading Mongolia despite being attacked thousands of times by its closest neighbor. Again, if you look at the actual history Han dominance is relativel

Re:

[Jzanu]

Try that one again - a German posted a link to a Swiss website. I am amazed at the prideful ignorance and and willful stupidity displayed on Slashdot now. This is basic information that anyone with an education can find easily. As for the Han dominance, I mean the Ming were the last Han dynasty, replaced by Manchu (Mongolian who were a mix of Mongolians and actual Far East Russia natives rather than the transplanted ones in Vladivostok, etc.

Re:

[currently_awake]

China wants to be THE superpower, running the entire world. Russia wants to be the major world power ruling their little corner of the world. Treating them the same way plays down the threat posed by China and inflates the one posed by Russia. Russia invaded the Ukrain and stole some land, China invaded the entire South China Sea and is stealing the entire sea. China's One Road initiative is based upon loaning money to foreign countries, stealing it back, then siezing control of those countries when the

Re:

[drinkypoo]

China and Russia are perfectly happy to settle for absolute control over the pieces they claim as theirs,

Nonsense. That might apply to Russia (I'm not sure, personally) but China has deliberately pursued policies intended to make it look that way while harboring notions of ruling the world. And as little as I like the USA running around the world bombing brown people for money, I'd like it a lot less if China were running things, and so would most everyone else. Except, of course, people in China. Things would simply not change much for them, since they're already being treated the way everyone would be treate

Cool

[JustNiz]

I'm looking forward to Russia and China releasing their own tit-for-tat list of consumer products that come with preinstalled NSA/CIA backdoors.

Re:

[dcw3]

And if you had to choose from the recommendations given, which of the three would you go with?

Re:

[JustNiz]

None. If security was a real concern I'd always go opensource, and audit the source then build from it.

Netcracker Telecommunications Software

[theshowmecanuck]

Much of this, used in many telephone companies, is developed in Moscow.

Should do an advertising campaign as well

[Scoldog]

"When you think government spyware, Buy American!"

tracking on link to main story !! why

[Anonymous Coward]

Since when does slashdot link to stories with tracking on them - ?oref=d-topstory - ? I thought that was against the slashdot code.
Best case scenario Beau just copied the link from somewhere else with the tracking already on there.

Re:

[johnsie]

slashdot has code? You must be new here.

Fake news

[Chrisq]

Putin says it's safe so hey, what can we do?

Where is the list?

I hate article like that one. I want to see the list!

This only seems fair...

[hyades1]

Asked if the military's security expectations were arbitrary and unfair, Pentagon Spokesman Squamous Turdstocking III said, "It's not that we're catagorically against back doors in our software. We just want to make sure only Russia and our Commander In Chief have a set of keys.

It beggars belief

[dhaen]

It beggars belief that any "power" relies on the software built by other "powers". Even the software from your "friends" is likely to have hidden exploits, because they will want to know what your plans are.

politics or security ?

[Tom]

It's sad that everything has become political and you cannot be sure that there are any security reasons for these listings.

Buy American dipshit

[reanjr]

Everyone in the defense industry should be required to buy American. It's fucking insane that we let Chinese and Russian technology into the industry at all.

Russian Anti-Virus Removed from Govt Systems 2017

[jack4888]

Russian cyber security firm, Kaspersky Lab, is being investigated by the F.B.I. for possible links to Russian security services. Quote from NY Times 9/12/2017. US govt put out notice to remove this anti-virus from all government not only DOD computers within 90 days ordered by Elaine C. Duke, the acting secretary of Homeland Security. Boxes with embedded code, like routers, cable modems, computers desk & laotop, etc may be infected with backdoor or corrupted software put there in China's production fa