The U.S. Department of Defense has instructed its procurers and contractors to stop buying software that may have Chinese or Russian connections to help defend these institutions against a possible cyberattack.
The Do Not Buy list covers software that does not meet national security standards, said Ellen Lord, defense undersecretary for acquisition and sustainment, according to Defense One. The list has been in the works for six months, but the Pentagon disclosed it for the first time and also said it has expanded the program to include working with three defense contractor trade associations to help assure their members abide by the rules. Defense One said the groups are the Aerospace Industries Association, National Defense Industrial Association and Professional Services Council.
Firms are placed on the Do Not Buy list after being checked out by U.S. intelligence agencies and found to have some type of connection to Russia or China. For example, Chinese businesses have been recently investing in American firms working with artificial intelligence and in other cases, U.S. firms selling their software to other nations sometimes have to divulge their source code to the buyer giving them the potential ability to find vulnerabilities that can then be used against American targets, Defense One reported.
The entire list of companies on the Do Not Buy list was not revealed, but Kaspersky Labs and ZTE have already found themselves banned by the government.