HP Enterprise let Russia review the Pentagon's security software

The review was conducted while HPE was trying to sell the software in Russia.

Last year, Hewlett Packard Enterprise (HPE) allowed a Russian defense agency to analyze the source code of cybersecurity software used by the Pentagon, Reuters reports. The software, a product called ArcSight, is an important piece of cyber defense for the Army, Air Force and Navy and works by alerting users to suspicious activity -- such as a high number of failed login attempts -- that might be a sign of an ongoing cyber attack. The review of the software was done by a company called Echelon for Russia's Federal Service for Technical and Export Control as HPE was seeking to sell the software in the country. While such reviews are common for outside companies looking to market these types of products in Russia, this one could have helped Russian officials find weaknesses in the software that could aid in attacks on US military cyber networks.

Echelon says it's required to report software vulnerabilities to the Russian government but only after letting the software makers know. And HPE told Reuters that reviews are done at an HPE facility under the supervision of HPE staff and that no vulnerabilities were found during this particular review.

Even if a vulnerability was discovered and not disclosed, it wouldn't allow attackers to just waltz into US military networks, but it could, in theory, make it easier to hide an ongoing attack, delaying defense responses and upping the chance of a successful breach. The review took place around the same time that the US was accusing Russia of initiating cyber attacks against a number of US agencies and politicians.

A Pentagon Defense Information Systems Agency spokesperson told Reuters that HPE didn't let the Pentagon know about the review but that it also wasn't required to. The ArcSight review may not have unearthed any backdoors or resulted in any additional cyber infiltrations, but at the very least it seems that, when it comes to the US military, using popular off-the-shelf security software might be a vulnerability in itself.
