Trump Aide Says Russian Review of Pentagon’s Cyberdefense Software Is “Problematic”
In a special report released yesterday, Reuters revealed that Hewlett Packard Enterprise (HPE) had given a Russian defense agency access to the source code of a cyberdefense software called ArcSight used by the Pentagon to protect its networks. Cybersecurity experts and former ArcSight employees had said the review could potentially help the Kremlin discover weaknesses in the software, blinding the US military to a cyberattack.
HPE, in its response, suggested that the company was required to go through this review to be able to sell its products in Russia. [More on this in our earlier report]
However, Washington doesn't appear to agree. In his speech at the Washington Post Cybersecurity Summit (that was sponsored by HPE), Rob Joyce, the White House cybersecurity coordinator, said that allowing other countries to review source code to gain entry into their markets was a protectionist effort by a few totalitarian regimes that threatens a "free and open internet" and could actually impact the product's security features.
While a common approach for tech companies, Reuters reported the Trump aide saying that the arrangement created both security and intellectual property risks.
"If you give your source code to China as a condition of entering into that market, you’ve got to wonder if competitors are then going to start to adopt those features. And we’ve seen some examples of that in the past and that really concerns us."
HPE in response to Royce's comments said that the company "has never and will never take actions that compromise the security of our products or the operations of our customers."
But Royce isn't sold, especially when it comes to intellectual property risks.
Both China and Russia have been putting increased pressure on foreign technology companies, demanding not only access to the source code but also to store data locally or risk losing out on their consumer base. LinkedIn and WhatsApp have faced bans in the countries, with Apple complying with Russia's demands to remove some VPNs from its App Store. Russia has also recently threatened to put a ban on Facebook if it doesn't comply with local data regulations.
"The idea that you can’t enter China’s market without offering up your intellectual property in this way, without agreeing maybe to hobble some of the security and privacy features of it...," Royce said. "Russia is heading that way, a bunch of totalitarian regimes are heading that way."