Menu
HPE hit with security quandary after Russian ArcSight review

HPE hit with security quandary after Russian ArcSight review

Sources indicate that HPE inadvertently let a Russian defence agency review the inner workings of cyber defence software used by the Pentagon

Whether the customer is Russia or the United States, overlooked errors in software code can allow foreign governments and hackers to penetrate a user’s computer.

Exploiting vulnerabilities found in ArcSight's source code could render it incapable of detecting that the military’s network was under attack, said Allen Pomeroy, a former ArcSight employee who helped customers build their cyber defence systems.

“A response to the attack would then be frankly impossible," Pomeroy said.

The HPE spokeswoman said Reuters' questions about the potential vulnerabilities were “hypothetical and speculative in nature.”

HPE declined to say whether it told the Pentagon of the Russian review, but said the company “always ensures our clients are kept informed of any developments that may affect them.”

A spokeswoman for the Pentagon’s Defense Information Systems Agency, which maintains the military’s networks, said HPE did not disclose the review to the US agency. Military contracts do not specifically require vendors to divulge whether foreign nations have reviewed source code, the spokeswoman said.

The US military agency itself did not require a source code review before purchasing ArcSight and generally does not place such requirements on tech companies for off-the-shelf software like ArcSight, the Pentagon spokeswoman said. Instead, DISA evaluates the security standards used by the vendors, she said.

Echelon operates as an official laboratory and software tester of FSTEC and Russia's FSB spy agency, according to Russian government registries of testing laboratories and software certifications reviewed by Reuters. US intelligence has accused the FSB of helping mount cyber attacks against the United States and interfering in the 2016 presidential election.

Markov, Echelon's president, defended the reviews, saying that “if a vulnerability is found, everyone is happy” because the detected flaw means laboratory experts are “able to demonstrate their qualifications” and “the developer is happy that a mistake was detected, since by fixing it the product will become better.”

Russia in recent years has stepped up demands for source code reviews as a requirement for doing business in the country, Reuters reported in June.

A number of international companies, including Cisco Systems, the world's largest networking gear maker, and German software giant SAP, have agreed to the reviews, though others, including cybersecurity firm Symantec, have refused because of security concerns.

US government procurement records show ArcSight is used as a key cyberdefence bulwark across much of the US military including the Army, Air Force and Navy. For example, ArcSight is used to guard the Pentagon’s Secret Internet Protocol Router Network (SIPRNet), which is used to exchange classified information, according to military procurement records.

The Pentagon spokeswoman declined to comment on risks posed by specific products to its network but said all software used by DISA is “extensively evaluated for security risks,” and continually monitored once deployed.

Created in 2000 as an independent company, ArcSight broke new ground by allowing large organizations to receive real-time alerts about potential cyber intrusions.

The software draws activity records from servers, firewalls, and individual computers across a network - up to hundreds of thousands per second. The system then searches for suspicious patterns, such as a high number of failed login attempts within a few seconds, and alerts analysts.

A decade later, ArcSight had become “the core” cyber network defence tool the Pentagon’s analysts “rely on to defend DoD networks,” DISA said in a 2011 ArcSight procurement request.

Today ArcSight is a virtually irreplaceable tool for many parts of the US military, at least for the immediate future, Pentagon records show.

“HP ArcSight software and hardware are so embedded," the Pentagon’s logistics agency wrote in April, that it could not consider other competitors “absent an overhaul of the current IT infrastructure.” 

HPE agreed last year to sell ArcSight and other security products to British tech company Micro Focus International in a transaction that was completed in September.

Jason Schmitt, the current head of the ArcSight division, said the product makes up a little less than half of the US$800 million in annual revenue Micro Focus expects to get from the security software business purchased from HPE.

Schmitt said he could not comment on any source code review that took place before this year, when he took the job, but stressed such reviews do not currently take place. Micro Focus did not respond to requests for comment on whether it would allow Russia to do similar source code reviews in the future or whether Micro Focus executives knew of the review prior to the acquisition.

(Reporting by Joel Schechtman and Dustin Volz in Washington and Jack Stubbs in Moscow; Editing by Jonathan Weber and Ross Colvin)


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags cyber securityrussiaUSAHewlett Packard EnterpriseHPE

Featured

Slideshows

Leading female front runners of the Kiwi ICT industry honoured at 2019 WIICTA

Leading female front runners of the Kiwi ICT industry honoured at 2019 WIICTA

Reseller News has honoured the leading female front runners of the New Zealand ICT industry at the 2019 Women in ICT Awards (WIICTA) in Auckland. The awards recognised standout individuals across six categories, spanning Entrepreneur, Rising Star, Shining Star, Community, Technical and Achievement. Photos by Gino Demeer.

Leading female front runners of the Kiwi ICT industry honoured at 2019 WIICTA
Reseller News kicks off awards season in 2019 with Judges' Lunch

Reseller News kicks off awards season in 2019 with Judges' Lunch

The 2019 Reseller News Innovation Awards has kicked off with the Judges Lunch in Auckland with 70 judges in the voting panel. The awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors. Photos by Christine Wong.

Reseller News kicks off awards season in 2019 with Judges' Lunch
Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomes industry figures for 2019 Hall of Fame lunch

Reseller News welcomed 2018 inductees - Chris Simpson, Kendra Ross and Phill Patton - to the third running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing landscape of the technology industry in New Zealand, while outlining ways to attract a new breed of players to the ecosystem. Photos by Gino Demeer.

Reseller News welcomes industry figures for 2019 Hall of Fame lunch
Show Comments