HPE let Russia Inspect ArcSight Source Code

HPE let a Russian defense agency review ArcSight source code, aka the inner magic of the cybersecurity product, according to Russian regulatory records and interviews with people with direct knowledge of the issue, Reuters reported.

ArcSight is used as a cybersecurity nerve center for much of the U.S. military, raising alerts when something suspicious is happening on the network. The software falls under Security Information and Event Management (SIEM) and log management solutions.


The Russian review of ArcSight’s source code, the closely guarded internal instructions of the software, was part of HPE’s effort to win the certification required to sell the product to Russia’s public sector, according to the regulatory records seen by Reuters and confirmed by a company spokeswoman.

Now what is the problem with that, you ask?


Six former U.S. intelligence officials, as well as independent experts and a former employee of the company, said that the ArcSight source code review could help Russians discover weaknesses in the software and potentially limit the software's ability to detect future cyber attacks on the U.S. military.

“It’s a huge security vulnerability,” said Greg Martin, a former security architect for ArcSight. “You are definitely giving inner access and potential exploits to an adversary.”

The ArcSight source code review happened last year, at a time when the U.S. was already accusing Russia of an increasing number of cyber attacks on U.S. government agencies and politicians. Russia has repeatedly denied having anything to do with the cyber attacks.

Here is a picture from Reuters that explains how ArcSight works:

(Image: arcsight source code)

According to Reuters, the review was conducted by Echelon, a company with close ties to the Russian military, on behalf of Russia’s Federal Service for Technical and Export Control (FSTEC), a defense agency tasked with countering cyber espionage.

One reason Russia requests the reviews before allowing sales to government agencies and state-run companies is to ensure that U.S. intelligence services have not placed spy tools in the software.

You could argue that it is fair game for government agencies to review providers’ code to make sure it is not vulnerable, but when it comes to a software company that protects the nerve center of the U.S. military, some people are concerned. After all, process is key to security, and no one wants to be the next Deloitte.

Mohamad El Hout, MBA, M.Eng., CISSP

Mohamad is an entrepreneur and a Senior Security Consultant dealing with the design and delivery of standard and complex security gateway solutions, covering a wide range of cutting edge technologies. His interests include business, technology, leadership, sports, and the continuous pursuit of knowledge.
