The US Congress is sending US President Donald Trump legislation that would force technology companies to disclose if they allowed countries like China and Russia to examine the inner workings of software sold to the US military.
The legislation, part of the Pentagon’s spending bill, was drafted after a Reuters investigation last year found software makers allowed a Russian defense agency to hunt for vulnerabilities in software used by some agencies of the US government, including the Pentagon and intelligence services.
The final version of the bill was on Wednesday approved by the US Senate in a 87-10 vote after passing the US House of Representatives last week. The spending bill is expected to be signed into law by Trump.
Security experts said allowing Russian authorities to probe the internal workings of software, known as source code, could help Moscow discover vulnerabilities it could exploit to more easily attack US government systems.
The new rules were drafted by Democratic Senator Jeanne Shaheen of New Hampshire.
“This disclosure mandate is the first of its kind, and is necessary to close a critical security gap in our federal acquisition process,” Shaheen said in a statement.
“The Department of Defense and other federal agencies must be aware of foreign source code exposure and other risky business practices that can make our national security systems vulnerable to adversaries,” she said.
The law would force US and foreign technology companies to reveal to the Pentagon if they allowed cyberadversaries, like China or Russia, to probe software sold to the US military. Companies would be required to address any security risks posed by the foreign source code reviews to the satisfaction of the Pentagon, or lose the contract.
The legislation would also require the creation of a database, searchable by other government agencies, of which software was examined by foreign states that the Pentagon considers a cybersecurity risk. It would make the database available to public records requests, an unusual step for a system likely to include proprietary company secrets.
Tommy Ross, a senior director for policy at the industry group The Software Alliance, said software companies have concerns that such legislation could force companies to choose between selling to the US and foreign markets.
“We are seeing a worrying trend globally where companies are looking at cyberthreats and deciding the best way to mitigate risk is to hunker down and close down to the outside world,” Ross said last week.
A Pentagon spokeswoman declined to comment on the legislation.
In order to sell in the Russian market, technology companies including Hewlett Packard Enterprise, SAP and McAfee allowed a Russian defense agency to scour software source code for vulnerabilities, the Reuters investigation found last year.
In many cases, it found that the software companies had not informed US agencies that Russian authorities had been allowed to conduct the source code reviews.
Nearly half of China’s major cities are suffering “moderate to severe” levels of subsidence, putting millions of people at risk of flooding, especially as sea levels rise, according to a study of nationwide satellite data released yesterday. The authors of the paper, published by the journal Science, found that 45 percent of China’s urban land was sinking faster than 3mm per year, with 16 percent at more than 10mm per year, driven not only by declining water tables, but also the sheer weight of the built environment. With China’s urban population already in excess of 900 million people, “even a small portion
UNSETTLING IMAGES: The scene took place in front of TV crews covering the Trump trial, with a CNN anchor calling it an ‘emotional and unbelievably disturbing moment’ A man who doused himself in an accelerant and set himself on fire outside the courthouse where former US president Donald Trump is on trial has died, police said yesterday. The New York City Police Department (NYPD) said the man was declared dead by staff at an area hospital. The man was in Collect Pond Park at about 1:30pm on Friday when he took out pamphlets espousing conspiracy theories, tossed them around, then doused himself in an accelerant and set himself on fire, officials and witnesses said. A large number of police officers were nearby when it happened. Some officers and bystanders rushed
HYPOCRISY? The Chinese Ministry of Foreign Affairs yesterday asked whether Biden was talking about China or the US when he used the word ‘xenophobic’ US President Joe Biden on Wednesday called for a hike in steel tariffs on China, accusing Beijing of cheating as he spoke at a campaign event in Pennsylvania. Biden accused China of xenophobia, too, in a speech to union members in Pittsburgh. “They’re not competing, they’re cheating. They’re cheating and we’ve seen the damage here in America,” Biden said. Chinese steel companies “don’t need to worry about making a profit because the Chinese government is subsidizing them so heavily,” he said. Biden said he had called for the US Trade Representative to triple the tariff rates for Chinese steel and aluminum if Beijing was
Beijing is continuing to commit genocide and crimes against humanity against Uyghurs and other Muslim minorities in its western Xinjiang province, U.S. Secretary of State Antony Blinken said in a report published on Monday, ahead of his planned visit to China this week. The State Department’s annual human rights report, which documents abuses recorded all over the world during the previous calendar year, repeated language from previous years on the treatment of Muslims in Xinjiang, but the publication raises the issue ahead of delicate talks, including on the war in Ukraine and global trade, between the top U.S. diplomat and Chinese