Menu
HPE hit with security quandary after Russian ArcSight review

HPE hit with security quandary after Russian ArcSight review

Sources indicate that HPE inadvertently let a Russian defence agency review the inner workings of cyber defence software used by the Pentagon

Hewlett Packard Enterprise (HPE) allowed a Russian defence agency to review the inner workings of cyber defence software used by the Pentagon to guard its computer networks, according to Russian regulatory records and interviews with people with direct knowledge of the issue.

The HPE system, called ArcSight, serves as a cybersecurity nerve centre for much of the United States military, alerting analysts when it detects that computer systems may have come under attack. ArcSight is also widely used in the private sector.

The Russian review of ArcSight’s source code, the closely guarded internal instructions of the software, was part of HPE's effort to win the certification required to sell the product to Russia’s public sector, according to the regulatory records seen by Reuters and confirmed by a company spokeswoman.

Six former US intelligence officials, as well as former ArcSight employees and independent security experts, said the source code review could help Moscow discover weaknesses in the software, potentially helping attackers to blind the US military to a cyber attack.

“It’s a huge security vulnerability," said Greg Martin, a former security architect for ArcSight. "You are definitely giving inner access and potential exploits to an adversary.”

Despite the potential risks to the Pentagon, no one Reuters spoke with was aware of any hacks or cyber espionage that were made possible by the review process.

The ArcSight review took place last year, at a time when Washington was accusing Moscow of an increasing number of cyber attacks against American companies, US politicians and government agencies, including the Pentagon. Russia has repeatedly denied the allegations.

The case highlights a growing tension for US technology companies that must weigh their role as protectors of US cybersecurity while continuing to pursue business with Washington’s adversaries such as Russia and China, say security experts.

The review was conducted by Echelon, a company with close ties to the Russian military, on behalf of Russia's Federal Service for Technical and Export Control (FSTEC), a defence agency tasked with countering cyber espionage.

Echelon president and majority owner Alexey Markov said in an email to Reuters that he is required to report any vulnerabilities his team discovers to the Russian government.

But he said he does so only after alerting the software developer of the problem and getting its permission to disclose the vulnerability. Echelon did not provide details about HPE's source code review, citing a non-disclosure agreement with the company.

FSTEC confirmed Markov's account, saying in a statement that Russian testing laboratories immediately inform foreign developers if they discover vulnerabilities, before submitting a report to a government “database of information security threats.”

One reason Russia requests the reviews before allowing sales to government agencies and state-run companies is to ensure that US intelligence services have not placed spy tools in the software.

HPE said no "backdoor vulnerabilities" were discovered in the Russian review. It declined to provide further details.

HPE said it allows Russian government-accredited testing companies to review source code in order to win the Russian defence certifications it needs to sell products to Russia's public sector.

An HPE spokeswoman said source code reviews are conducted by the Russian testing company at an HPE research and development centre outside of Russia, where the software maker closely supervises the process.

No code is allowed to leave the premises, and HPE has allowed such reviews in Russia for years, she said.

Those measures ensure “our source code and products are in no way compromised,” she said.

Some security experts say that studying the source code of a product would make it far easier for a reviewer to spot vulnerabilities in the code, even if they did not leave the site with a copy of the code.

In a 2014 research paper, Echelon directors said the company discovered vulnerabilities in 50 per cent of the foreign and Russian software it reviewed.

Still, security analysts said the source code review alone, even if it yielded information about vulnerabilities, would not give hackers easy entry into the military systems. To infiltrate military networks, hackers would need to first overcome a number of other security measures, such as firewalls, said Alan Paller, founder of the SANS Institute, which trains cybersecurity analysts

Paller also said HPE's decision to allow the review was not surprising. If tech companies like HPE want to do business in Russia, "they don’t really have any choice,” he said.

HPE declined to disclose the size of its business in Russia, but Russian government tender records show ArcSight is now used by a number of state firms and companies close to the Kremlin, including VTB Bank and the Rossiya Segodnya media group.

Read more on the next page...


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cyber securityrussiaUSAHewlett Packard EnterpriseHPE

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments