{"id":12118,"date":"2017-10-04T13:57:56","date_gmt":"2017-10-04T18:57:56","guid":{"rendered":"http:\/\/huewhite.com\/umb\/?p=12118"},"modified":"2017-10-04T13:57:56","modified_gmt":"2017-10-04T18:57:56","slug":"not-surprising-if-appalling","status":"publish","type":"post","link":"https:\/\/huewhite.com\/umb\/2017\/10\/04\/not-surprising-if-appalling\/","title":{"rendered":"Not Surprising, If Appalling"},"content":{"rendered":"<p>On <strong><em>Lawfare<\/em><\/strong> Paul Rosenzweig <a href=\"https:\/\/www.lawfareblog.com\/source-code-review-thee-not-me\" target=\"_blank\" rel=\"noopener\">notes<\/a> how Russia got a look at the source code to a critical computer security product in use in the American military:<\/p>\n<blockquote><p>According to<a href=\"https:\/\/www.reuters.com\/article\/us-usa-cyber-russia-hpe-specialreport\/special-report-hp-enterprise-let-russia-scrutinize-cyberdefense-system-used-by-pentagon-idUSKCN1C716M\" target=\"_blank\" rel=\"nofollow noopener\"> this report from Reuters<\/a>, Hewlett Packard Enterprises (HPE) has allowed the Russian military to review the source code for ArcSight, a cybersecurity alert system widely used in the Pentagon and in the American private sector.\u00a0The source code review was a condition required by the Russian government before it would purchase ArcSight for use in Russian systems\u2013at least nominally for the reasonable-sounding purpose of assuring the Russians that the American government had not colluded with HPE to put a back door into ArcSight that might be used against the Russians. This troubling episode raises a number of questions:<\/p>\n<ul>\n<li>If the Russian request was facially reasonable (and it seems it was) why is HPE allowed to permit the Russians to do a source code review on systems that are used by the U.S. military?\u00a0Perhaps as a condition of selling to the U.S. government, one ought not to be permitted to allow foreign nations to unpack the product<\/li>\n<\/ul>\n<\/blockquote>\n<p>And even more startling revelations. So why is HPE permitting this Russian access? My suspicion is that HPE, being an international company, believes it must have a more equable attitude towards its customers, rather than an American-centric view.<\/p>\n<p>Which leads to the question of whether American agencies should more carefully vet its suppliers insofar as their allegiance &#8211; to the dollar or to America? At this juncture, some critical holes in American cyber-infrastructure maybe assumed.<\/p>\n<p>And HPE should be considered disqualified from all future American contracts, public <strong>and<\/strong> private. Maybe they should only expect Russian contracts from here on out.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On Lawfare Paul Rosenzweig notes how Russia got a look at the source code to a critical computer security product in use in the American military: According to this report from Reuters, Hewlett Packard Enterprises (HPE) has allowed the Russian military to review the source code for ArcSight, a cybersecurity \u2026 <a class=\"continue-reading-link\" href=\"https:\/\/huewhite.com\/umb\/2017\/10\/04\/not-surprising-if-appalling\/\"> Continue reading <span class=\"meta-nav\">&rarr; <\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"nf_dc_page":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-12118","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/12118","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/comments?post=12118"}],"version-history":[{"count":2,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/12118\/revisions"}],"predecessor-version":[{"id":12120,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/posts\/12118\/revisions\/12120"}],"wp:attachment":[{"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/media?parent=12118"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/categories?post=12118"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/huewhite.com\/umb\/wp-json\/wp\/v2\/tags?post=12118"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}