Pentagon Is Working on a “Do Not Buy” List to Block Russian & Chinese Software

The United States government is working on a “do not buy” list to block companies that are using software coming from Russia or China. This work has been going on for the past six months, as the Pentagon intends to help the Department of Defense’s acquisitions staff and industry partners avoid buying code that doesn’t meet “national security standards.”

“What we are doing is making sure that we do not buy software that has Russian or Chinese provenance,” Ellen Lord, the under secretary of defense for acquisition and sustainment, said on Friday. “Quite often that’s difficult to tell at first glance because of holding companies.”

Worried about spying attempts, the Pentagon is hustling to block contractors potentially using problematic code

The Pentagon hasn’t shared any details on who might be affected. Lord only added that the DoD has identified “certain companies” whose work is not consistent with the country’s defense standards. These companies are being put on a list that is circulated within the industry to help the military’s software buyers and vendors avoid including any problematic code.

Reports suggest that the Pentagon is working with three major defense industry trade associations, including the Aerospace Industries Association, the National Defense Industrial Association and the Professional Services Council, to alert contractors.

“It’s a huge education process.”

Today’s announcement comes ahead of an expected Pentagon spending bill. This bill contains provisions to force tech companies to disclose if they allow countries like Russia and China to have access to the source code of software that is also sold to the US military.

Reuters suggests that this legislation is in response to investigations that revealed that American software makers are being forced by the Russian and Chinese governments to share their source code. The DoD now fears that this access could enable adversaries to spot vulnerabilities and use them against the Pentagon.