Pentagon’s ‘do not buy’ list targets Russian, Chinese software
(Bloomberg) -- The Pentagon has an expanding “do-not-buy” software list to eliminate equipment of Russian and Chinese origin, according to Ellen Lord, the Defense Department’s acquisitions chief.
The Defense Department started putting the list together six months ago and had to work closely with the intelligence community to identify the equipment and pinpoint origin, Lord told reporters at the Pentagon on Friday.
"What we are doing is making sure that we do not buy software that is Russian or Chinese provenance, for instance, and quite often that is difficult to tell at first glance because of holding companies," Lord said. "We have identified certain companies that do not operate in a way consistent with what we have for defense standards."
While Lord declined to disclose specific companies included on the list, rising concern about security threats prompted Congress and the administration to focus on several Chinese companies such as ZTE Corp. and Huawei. The compromise fiscal year 2019 defense authorization bill, H.R. 5515, would ban the government from buying and using any equipment made by the two Chinese telecommunications companies.
ZTE was essentially shut down for a period earlier this year while the U.S. banned purchases from the No. 2 Chinese telecoms gear-maker. The administration agreed to lift that moratorium -- which was punishment for violating Iran and North Korean sanctions, then lying about it -- only after ZTE reshuffled its board and senior management, paid a hefty fine and promised to allow external monitoring of its activities.
Once a company makes it on the list, the Pentagon’s acquisition officials check the list to make sure that they do not buy equipment made by those companies.
"It really speaks to cyber security writ large, which is one of our greatest concerns right now," Lord said. "This is a challenge for us in terms of how to deal with the industrial base, particularly small companies who don’t always have the resources."
Separately, software made by Russia’s Kaspersky Lab has already been scrubbed from U.S. government networks. Kaspersky Lab, which is viewed as having ties to Russian intelligence, has been fighting Congress’ decision to prohibit government use of Kaspersky software products as part of the 2018 defense authorization act (Public Law 115-91).