DOD looks to publish software blacklist
- By Lauren C. Williams
- May 10, 2019
The Defense Department wants to publish its blacklist of software companies to better inform the industrial base.
"We will continue to not buy from sources that are not trusted," DOD Acquisition and Sustainment Undersecretary Ellen Lord told reporters during a May 10 briefing at the Pentagon.
DOD is working with Congress to "get authorities to be able to share our restricted vendors list," she added. "We have some constraints on what we can share right now with the defense industrial base. But education is important."
Lord emphasized that primes are ultimately responsible for their subcontractors and the whole of their supply chain. To help with that, DOD is pushing for standard contracting language for cybersecurity requirements so vendors can ensure their own systems and their subcontractors’ are up to par.
The 2019 Defense spending bill banned services and equipment from five companies: Huawei, ZTE, Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co., as well as any of their subsidiaries or affiliates.
"What we know is that if we do not have software from trusted sources, we cannot ensure our cybersecurity," she said. "There are certain companies that often are hidden inside of other shell companies."
In addition to supply chain concerns, Lord said she would like there to be more rapid-hiring authorities for cybersecurity and other jobs in the 2020 spending bill.
"One of our challenges is we have a lot of work that needs to get done in a fairly quick fashion and that’s important to us to be able to move quickly," she said. "Talent is how we get things done and I don’t think we always acknowledge that that’s a key element along with the materiel we buy."
The DOD is also creating a new marketplace to help match small- to medium-sized companies with venture capital funds.
The Trusted Capital Marketplace website, expected to roll out in July, will "bring providers of trusted capital together with businesses looking for capital infusions," Lord said.
DOD can’t legally match companies with VCs, she said, but the department can "segment the marketplace" and put investors with companies that have technological innovations of interest to DOD.
The VCs will be vetted and can include individuals, family foundations, and funds interested in national defense and making a little money in return. That return, however, may not be that high: "This might not be the best return if all else was equal," Lord said.
It’s not clear how much money would flow through the marketplace but at least 50 companies have been identified as possible participants as part of the Executive Order 13806 supply chain study, she said.
"A lot of these companies are small innovative companies that frankly don’t either have the resources or the sophistication in terms of the contacts to reach sources of capital," Lord said. "What we’re trying to do is enable that so that we don’t have to go through a lot of time and expense with legal firms to ferret out who is out there."
Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.
Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.
Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at email@example.com, or follow her on Twitter @lalaurenista.