Pentagon creating software ‘do not buy’ list to keep out Russia, China

FILE PHOTO: An aerial view of the Pentagon building in Washington, June 15, 2005. REUTERS/Jason Reed

By Mike Stone

WASHINGTON (Reuters) – The Pentagon is working on a software “do not buy” list to block vendors who use software code originating from Russia and China, a top Defense Department acquisitions official said on Friday.

Ellen Lord, the undersecretary of defense for acquisition and sustainment, told reporters the Pentagon had been working for six months on a “do not buy” list of software vendors. The list is meant to help the Department of Defense’s acquisitions staff and industry partners avoid buying problematic code for the Pentagon and suppliers.

“What we are doing is making sure that we do not buy software that has Russian or Chinese provenance, for instance, and quite often that’s difficult to tell at first glance because of holding companies,” she told reporters gathered in a conference room near her Pentagon office.

The Pentagon has worked closely with the intelligence community, she said, adding “we have identified certain companies that do not operate in a way consistent with what we have for defense standards.”

Lord did not provide any further details on the list.

Lord’s comments were made ahead of the likely passage of the Pentagon’s spending bill by Congress as early as next week. The bill contains provisions that would force technology companies to disclose if they allowed countries like China and Russia to examine the inner workings of software sold to the U.S. military.

The legislation was drafted after a Reuters investigation found that software makers allowed a Russian defense agency to hunt for vulnerabilities in software used by some agencies of the U.S. government, including the Pentagon and intelligence agencies.

Security experts said allowing Russian authorities to look into the internal workings of software, known as source code, could help adversaries like Moscow or Beijing to discover vulnerabilities they could exploit to more easily attack U.S. government systems.

Lord added an upcoming report on the U.S. military supply chain will show that the Pentagon depends on foreign suppliers, including Chinese firms, for components in some military equipment.

She said the Pentagon also wants to strengthen its suppliers’ ability to withstand cyber attacks and will test their cybersecurity defenses by attempting to hack them.

The Pentagon disclosed the measures as the federal government looks to bolster cyber defenses following attacks on the United States that the government has blamed on Russia, North Korea, Iran, and China.

The Department of Homeland Security this week disclosed details about a string of cyber attacks that officials said put hackers working on behalf of the Russian government in a position where they could manipulate some industrial systems used to control infrastructure, including at least one power generator.

(Reporting by Mike Stone; Editing by Chris Sanders, Bernadette Baum and Jonathan Oatis)

House to vote to renew NSA’s internet surveillance program

An illustration picture shows the logo of the U.S. National Security Agency on the display of an iPhone in Berlin, June 7, 2013.

By Dustin Volz

(Reuters) – The U.S. House of Representatives plans to vote on Thursday on whether to renew the National Security Agency’s warrantless internet surveillance program, which has been the target of privacy advocates who want to limit its impact on Americans.

The vote is the culmination of a yearslong debate in Congress on the proper scope of U.S. intelligence collection, one fueled by the 2013 disclosures of classified surveillance secrets by former NSA contractor Edward Snowden.

The bill would extend the NSA’s spying program for six years with minimal changes. Most lawmakers expect it to become law if it prevails in the House, although it still would require Senate approval and President Donald Trump’s signature.

Trump appeared on Thursday to initially question the merits of the program, contradicting the official White House position and renewing unsubstantiated allegations that the previous administration of Barack Obama improperly surveilled his campaign during the 2016 election.

“This is the act that may have been used, with the help of the discredited and phony Dossier, to so badly surveil and abuse the Trump Campaign by the previous administration and others?” the president said in an early morning post on Twitter.

The White House did not immediately respond to a request to clarify Trump’s tweet but he posted a clarification less than two hours later.

“With that being said, I have personally directed the fix to the unmasking process since taking office and today’s vote is about foreign surveillance of foreign bad guys on foreign land. We need it! Get smart!” Trump tweeted.

Unmasking refers to the largely separate issue of how Americans’ names kept secret in intelligence reports can be revealed.

Asked by a Reuters reporter at a conference in New York about Trump’s tweets, Rob Joyce, the top White House cyber official, said there was no confusion within the Oval Office about the value of the surveillance program and that there have been no cases of it being used improperly for political purposes.

Some conservative, libertarian-leaning Republicans and liberal Democrats were attempting to persuade colleagues to include more privacy protections. Those would include requiring a warrant before the NSA or other intelligence agencies could scrutinize communications belonging to Americans whose data is incidentally collected under the program.

The White House, U.S. intelligence agencies and Republican leaders in Congress have said they consider the tool indispensable and in need of little or no revision.

Without congressional action, legal support for Section 702 of the Foreign Intelligence Surveillance Act, which authorizes the program, will expire next week, although intelligence officials say it could continue through April.

Section 702 allows the NSA to eavesdrop on vast amounts of digital communications from foreigners living outside the United States through U.S. companies such as Facebook Inc, Verizon Communications Inc and Alphabet Inc’s Google.

The spying program also incidentally scoops up communications of Americans if they communicate with a foreign target living overseas, and can search those messages without a warrant.

(Reporting by Dustin Volz; Additional reporting by Doina Chiacu and Susan Heavey; Editing by Lisa Von Ahn and Bill Trott)