The Integrity News
Vol. XIII No. 14 ISSN 1081-2717
July 23, 2004
July 19, 2004 (pgs. 60-62)
(That hole in our national security from
outsourcing software writing overseas.)
The U.S. military tends to buy much of the same
software that we use commercially. The problem is
"that the vendors are sending much of their software
development work overseas to cut costs. But, the
security ramifications are starting to raise red flags
for Congress, the Pentagon, and the vendors." We
warned of this problem in an issue of The Integrity
News in November 2003.
Commercial software was never intended to be subjected
to the significant threat level that important companies
and the DOD face today. For much of today's existing
code, it is impossible to "determine the code's authors,
their intentions, or their politics." "Using foreign labor
has been wonderful for the economy, but it has introduced
tremendous vulnerability to our software." It is expected
that spending for offshore information technology services
will increase from a few billion dollars in 2004 to $26
billion in 2007.
Aside from the national security risks, "companies that
ignore outsourcing trends do so at the peril of their own
long-term competitiveness." "Someone with a malicious
intent could easily develop a Trojan Horse, a Back Door
into the application, or a Time Bomb."
"Our current national policies that are intended to mitigate
information system vulnerabilities, focus mostly on
operational software security threats such as external
hacking and unauthorized access. These policies do not
address insider threats such as the insertion of malicious
code by software developers." (We explained this in
detail in a November 2003 issue.)
Imagine "a terrorist cell that trains a group to be software
programmers, then infiltrates companies that have sent
their software development work overseas. Working for
those companies, the programmers could surreptitiously
put vulnerabilities in the software."
This potential gives
a whole new meaning to Personnel Security.
All programmers at The Integrity Center, Inc., like all
employees here, are each licensed Private Investigators
who have had a background check by the FBI.
"Due diligence in providing assurances that software
applications are trustworthy and secure.
More care in developing requirements for software
coding jobs that are sent overseas.
Removal of sensitive portions of software coding such as
business logic or security,
from jobs sent overseas.
Testing of software much earlier in the development
process.
Software warranties or service-level agreements
that hold vendors responsible."
"Private sector companies share the worries of their
government counterparts. But, outsourcing software
isn't going to stop now." "Economics are dictating
software development, and as much as vendors aren't
really comfortable with it, the financials of outsourcing
will continue to drive it."
"We have to recognize who we have been up against
so far. It's been script kiddies in schools, and pranksters.
The people we need to worry about, and haven't been,
are the professionals."
For more information about background checking,
visit our website, or feel free to call
The Integrity Center, Inc.
at (972) 484-6140.
Helping you with your Risk Management and HR Automation is what we do.