Hewlett Packard Enterprise has authorized experts working with Russia to review the source code of the cybersecurity software used by the United States Department of Defense.
The Pentagon uses HPE's ArcSight software to protect sensitive computer networks. Hewlett-Packard acquired ArcSight in 2010 under an agreement valued at 1.5 billion US dollars.
The review was conducted by the Russian firm Echelon on behalf of the Federal Service for Technical Supervision and Export of Russia, a cybersecurity defense agency, according to Reuters, which published the article earlier this week.
"HPE has never and will never take actions that compromise the safety of our products or the operations of our customers," said the company in a statement sent to E-Commerce Times by the spokesperson Kate Holderness.
HPE "worked with selected third parties to test a restricted set of products for backdoor vulnerabilities before selling them on the Russian market," the company said, noting that it is an "old requirement" that has not changed recently.
"All tests were conducted at sites controlled by HPE and under the supervision of HPE cybersecurity specialists, to ensure that our source code and products are not compromised," added HPE.
The Department of Defense has put in place policies to guard against these vulnerabilities, but the level of exposure in this case is not clear.
"Commercial products and services purchased and deployed by DoD are assessed for security risks," said Heather Babb, Pentagon spokeswoman. "The Department has policies in place to ensure software assurance and supply chain risk management, as well as established security standards to ensure that all commercial products and purchased services are rigorously inspected for security breaches."
ArcSight was "reviewed as part of the appropriate cybersecurity processes before being employed by the DoD, and it is continually evaluated in terms of performance and risk, according to departmental policies," Babb told E-Commerce Times. "ArcSight is a unique tool and only one component of the largest DoD defense posture."
The report comes at a time of heightened tension between the United States and Russia, as US intelligence agencies have concluded that Russia has taken steps to interfere in the 2016 presidential election.
Hacking organizations backed by the Russian government have been accused of accessing e-mails belonging to the Democratic Party and officials of Hillary Clinton's presidential campaign, and then disclosing them to Wikileaks, which published them online.
Wikileaks has published classified documents from US intelligence agencies and other governments around the world.
More recently, Russian accounts have been linked to large purchases of targeted advertising and the proliferation of fake news on Facebook during the 2016 campaign. Facebook has collaborated with federal investigators who are investigating whether US agents or campaign managers played a role in coordinating these transactions or activities.
Symantec, developer of Norton Utilities security software, reportedly refused to respond to Russian requests to review source code information.
"Symantec's overall security policies are designed to ensure that our products remain uncompromised by third parties," said Matt Nagel, corporate communications manager at Symantec.
"We do not allow source code inspections by clients, client designated agents, foreign governments, foreign offices or foreign test centers," he told E-Commerce Times.
However, a number of US technology companies, including IBM, Cisco and SAP, have accepted Russian requests to review their source code, Reuters reported earlier this year, in order to retain access to the lucrative Russian market.