The US military has finished creating a “Do Not Buy” list of Russian and Chinese software that it says fails to comply with US national security standards.
It took the Pentagon around six months to compile a list of the companies that it says are suspicious and must be avoided by the US military’s software buyers, The Register reported on Monday.
American officials are now working with the country’s three major defense industry trade associations — the Aerospace Industries Association, the National Defense Industrial Association and the Professional Services Council — to warn contractors small and large against buying the software.
"We had specific issues… that caused us to focus on this," said Ellen Lord, US defense undersecretary for acquisition and sustainment. "What we are doing is making sure that we do not buy software that's Russian or Chinese provenance. Quite often that's difficult to tell at first glance because of holding companies."
The move is part of a plan by the Pentagon to thwart alleged attempts by foreign intelligence to insert vulnerabilities or backdoors into technology installed in American computer networks, the report added.
The US has long accused Russian security software maker Kaspersky of running a secret espionage program on behalf of the Russian government.
The company has been hit with several rounds of sanctions that Russia says are examples of unfair American competitive practices.
Washington has leveled similar accusations against hardware and code offered by Chinese telecommunication giants Huawei and ZTE, subjecting them to intense scrutiny in recent months.
Lord confirmed to reporters on Friday that US military programs and weapons were among the many areas that the Pentagon was planning to protect from harm.
“These are more widespread issues. I don’t think we’re focused on one particular system,” she said.
The report noted that Russian and Chinese intelligence agencies have adopted similar measures against US software companies, requiring them to reveal key parts of their source code to ensure they do not violate security standards.
Last June, Reuters reported that American companies such as IBM, Cisco and HP as well as Germany’s SAP had allowed the Russian intelligence service FSB to examine key source code in various software products.