The U.S. Congress is sending President Donald Trump legislation that would force technology companies to disclose if they allowed countries like China and Russia to examine the inner workings of software sold to the U.S. military.
The legislation, part of the Pentagon’s spending bill, was drafted after a Reuters investigation last year found software makers allowed a Russian defense agency to hunt for vulnerabilities in software used by some agencies of the U.S. government, including the Pentagon and intelligence services.
The final version of the bill was approved by the Senate in a 87-10 vote on Wednesday after passing the House last week. The spending bill is expected to be signed into law by Trump.
Security experts said allowing Russian authorities to probe the internal workings of software, known as source code, could help Moscow discover vulnerabilities they could exploit to more easily attack U.S. government systems.
The new rules were drafted by Democratic Senator Jeanne Shaheen of New Hampshire.
“This disclosure mandate is the first of its kind, and is necessary to close a critical security gap in our federal acquisition process,” Shaheen said in an emailed statement.
“The Department of Defense and other federal agencies must be aware of foreign source code exposure and other risky business practices that can make our national security systems vulnerable to adversaries,” she said.
The law would force U.S. and foreign technology companies to reveal to the Pentagon if they allowed cyber adversaries, like China or Russia, to probe software sold to the U.S. military.
Companies would be required to address any security risks posed by the foreign source code reviews to the satisfaction of the Pentagon, or lose the contract.
The legislation also creates a database, searchable by other government agencies, of which software was examined by foreign states that the Pentagon considers a cyber security risk.
It makes the database available to public records requests, an unusual step for a system likely to include proprietary company secrets.
Tommy Ross, a senior director for policy at the industry group The Software Alliance, said software companies had concerns that such legislation could force companies to choose between selling to the U.S. and foreign markets.
“We are seeing a worrying trend globally where companies are looking at cyber threats and deciding the best way to mitigate risk is to hunker down and close down to the outside world,” Ross told Reuters last week.
A Pentagon spokeswoman declined to comment on the legislation.
In order to sell in the Russian market, technology companies including Hewlett Packard Enterprise Co, SAP SE and McAfee have allowed a Russian defense agency to scour software source code for vulnerabilities, the Reuters investigation found last year.
In many cases, Reuters found that the software companies had not informed U.S. agencies that Russian authorities had been allowed to conduct the source code reviews. In most cases, the U.S. military does not require comparable source code reviews before it buys software, procurement experts have told Reuters.
The companies had previously said the source code reviews were conducted by the Russians in company-controlled facilities, where the reviewer could not copy or alter the software. The companies said those steps ensured the process did not jeopardize the safety of their products.
McAfee announced last year that it no longer allows government source code reviews. Hewlett Packard Enterprise has said none of its current software has gone through the process.
SAP did not respond to requests for comment on the legislation. HPE and McAfee spokespeople declined further comment.
Reporting by Joel Schectman; Additional reporting by Jack Stubbs in Moscow
Ken Cuccinelli defends denying entry to hurricane-struck Bahamians who should be ‘taking care of their own’
Acting U.S. Citizenship and Immigration Services (USCIS) Director Ken Cuccinelli insisted on Sunday that Bahamians should help themselves instead of fleeing to the United States after thousands were left homeless by Hurricane Dorian.
During an interview with CBS host Margaret Brennan, Cuccinelli was asked why the Trump administration is making it "harder to flee to this country" for Bahamians who were left homeless by the hurricane.
Cuccinelli, however, argued that the Trump administration is "making it easier" for Bahamians to travel to the U.S.
"The Bahamas is a perfectly legitimate country capable of taking care of their own," the USCIS chief said. "We rushed resources in, whether it was from USAID or the Coast Guard, who were downright heroic."
Kamala Harris blisters Kavanaugh for lying to her during his hearings and calls for him to be impeached
In a blunt tweet issued on Sunday morning, Democratic Presidential contender, Sen. Kamala Harris (D-CA) accused Supreme Court Justice Brett Kavanaugh of lying to the U.S. Senate during his confirmation hearings and said he must be impeached.
Following a New York Times report outlining credible allegations against Kavanaugh accusing him of assaulting a fellow college student, Harris said the evidence presented should disqualify him from being on the bench.
"I sat through those hearings. Brett Kavanaugh lied to the U.S. Senate and most importantly to the American people. He was put on the Court through a sham process and his place on the Court is an insult to the pursuit of truth and justice. He must be impeached," she tweeted.
Republicans accused of stifling sexual misconduct claim against Brett Kavanaugh during confirmation
A new report reveals that Deborah Ramirez, a woman who claims Supreme Court Justice Brett Kavanaugh sexually assaulted her while she was a student at Yale University, may have had evidence to corroborate her story — but that Republicans created a process which would stifle her account so that Kavanaugh could be confirmed.
This article first appeared in Salon.
Deborah Ramirez, who alleged that she was assaulted by Kavanaugh at a Yale party when she was an underclassman, had her legal team provide the F.B.I. with a list of at least 25 people who could have had evidence to corroborate her story, but the bureau ultimately interviewed none of them, according to The New York Times. The publication also learned that many of the individuals who could have corroborated Ramirez's story attempted to reach the F.B.I. on their own but were unable to do so.