GCN Tech Blog

By GCN Staff

DOD wary of code written overseas

GCN senior writer
John Rendleman

The Defense Department is increasingly concerned that software it procures from contractors is in some cases being written overseas and may include unexpected or harmful lines of code, according to the Pentagon's chief information officer.

'It's a big issue right now,' said Defense CIO John Grimes, speaking April 18 at an event sponsored by the northern Virginia chapter of the Armed Forces Communications and Electronics Association. It is a growing concern, he said, in light of the DOD's increasing reliance on contractors and the contractors' increasing use of overseas vendors for programming jobs.

The Government Accountability Office reported that DOD's reliance on contractor services increased 78 percent in the last decade, with its obligations on services contracts rising from $85.1 billion in fiscal 1996 to more than $151 billion in fiscal 2006.

'It gives us some concern about what may not be wanted in that piece of software,' especially since outsourcing and globalization make it increasingly difficult for the DOD to keep track of the origins of the different fragments of code that end up in the programs it buys, Grimes said.

Posted by John Rendleman on Apr 21, 2008 at 9:39 AM


Reader Comments

Fri, Apr 25, 2008 Chris Weber MD

This article is right on the mark, and this has been a common concern of many security firms and organizations, ours included. And this is not just a problem with hiring outside contractors for proprietary development. There are many well-known mainstream companies out there, particularly those who have sensitive roles with regard to computer networks, who operate outside of the US for code or even manufacturing of mainboards. Imagine a tiny ROM chip stamped into every motherboard made by an organization that automatically creates a back door or acts as a homing beacon by modifying low-level communications drivers. IBM PCs are now made by the Chinese-owned "Lenovo", and while I'm sure they're a fine firm, China is a country that's already been proven to be actively spying on us. How many IBMs are in govt offices? Does it make sense to have them there if we're trying to keep Chinese eyes off our secrets?

What about firewalls, like Checkpoint? Checkpoint's a common product seen in many networks including many govt networks, yet it is a product made by an Israeli owned and operated firm, outside of the US. Not that anything is at all wrong with that, and not that Checkpoint doesn't make a fine firewall product, or that IBM doesn't make a great personal computer and not that anything is wrong with the products, but it seems that in sensitive applications, particularly those related to national security, it would be logically prudent if they were managed and secured by products made by US firms and on US soil, just as code written for proprietary applications should likewise be written by US contractors, not overseas ones. Seems like a no-brainer.

Not that being made on US soil by US hands would provide a panacea against compromise. But not doing so seems to be inviting it.

cw
Layer 9

Fri, Apr 25, 2008 John van Santen DC

...unless purposefully crafted, are just as likely to come from national companies as transnational. The fact that government bodies, comprised of non-technical types, are worried is more indicative of the lack of proper weighting of opinions in determining threats and responses. See http://www.schneier.com/blog/archives/2008/01/security_vs_pri.html for a trustable source.
