Pentagon “Do Not Buy” Software List

The trend towards globalised software development may have just taken an interesting new twist. Over recent years, China, India and Russia have all emerged as countries with banks of talented developers available at a lower cost than their counterparts in some other parts of the world, such as the U.S.

Now, it has been reported that the Pentagon has drawn up a “do not buy” list for software, which is to include software developed with input from coders based in China or Russia. Cybersecurity has been moving higher and higher up the political agenda and it’s no secret that the U.S. has long had concerns about the possible dangers that could be posed by hostile states gaining familiarity with the U.S.’s cybersystems.

For example, back in 2014, Chinese company Huawei was banned from bidding for U.S. military contracts over security concerns. U.S. lawmakers and security experts have also repeatedly stated their concerns about the perceived links between Chinese tech companies, in particular, Huawei and ZTE, and the Chinese government.

Political posturing or genuine concern?

Both the Chinese and Russian governments have vehemently denied any involvement with companies engaged in questionable security practices and sympathisers have accused the U.S. of trying to hamper the development of other countries so as to keep its own position secure.

In all honesty, there may well be at least some degree of truth in this. After all, governments are supposed to put the interests of their own country first. At the same time, however, it has to be acknowledged that neither China nor Russia has a great reputation as a bastion of IT security and/or respect for intellectual property.

Likewise, it certainly cannot be ruled out that they have connections with major tech companies; indeed, it would be surprising if they didn’t (and the same could be said of the U.S. government).

The practical impact on UK SMEs

Regardless of your opinion of whether or not this list is justified, the fact is that it exists and, based on previous history, the U.S. government will, at the very least, encourage other countries to use it.

As an example of this, Barack Obama met with (then) Australian PM Julia Gillard in 2011 and shortly after that, Australia took a very different stance on the question of Huawei.

This means that if your company is involved in trade with the U.S. (either directly or indirectly), you may wish to review your software to ensure it is compliant.

If you run a software or SaaS company and you outsource any coding, you may need to look at where your coders are based and, if they are in Russia or China, establish whether or not your business will be affected by this ban. Similarly, if you have Chinese or Russian investors, your SME could be affected.

Even if the list itself is of no direct relevance to your company (which will probably be the case with most UK-based SMEs), it may have the unintended consequence of raising software development costs and therefore increasing the cost of the software you use.