Slashdot Mirror


Does Offshoring Threaten Combat Software?

PreacherTom writes, "Pentagon officials report that 'maliciously placed code' could compromise the security of the Defense Department and, ultimately, hurt its ability to fight wars. The culprits: offshore programmers. While the Pentagon has stepped up its vendor screening and software testing of late, it's becoming more difficult and costly to test every line of software code on increasingly sophisticated weapons systems. The task force assigned to this issue will be soon presenting its report, and most likely will determine that offshoring presents too great a risk."


  1. Hysterical rubbish by 91degrees · · Score: 2, Funny

    Offshoring will save costs, and ensure that overseas developers, often with considerably greater knowledge of these systems, will be able to develop them. The risks are totally negligible. I say we petition the government to offshore more development.

    Yours - Cylon number 6

    1. Re:Hysterical rubbish by soft_guy · · Score: 2, Informative

      The US military and defence industries (should really be called attack industries now)

      At one time, the US had a "War Department" and a "Secretary of War". Sometime in history, we changed the name to "Department of Defense" and "Secretary of Defense". This happened about the time we stopped using the army for actual defense of the country and instead started using it to bully the rest of the world.

      --
      Avoid Missing Ball for High Score
    2. Re:Hysterical rubbish by gb506 · · Score: 2, Insightful
      This happened about the time we stopped using the army for actual defense of the country and instead started using it to bully the rest of the world.


      Let's see now, who have we directly bullied since the War Department became the DoD?

      North Korea - fuzzy, cuddly little things they are, what with the gulags, starvation, totalitarianism, etc.

      North Vietnam - strict followers of peace and non-aggression, them. Never hurt a flea.

      Grenada - after cuddly little Cubans took over the island nation by force and trapped American students

      Panama - after that cute little fuzzball Noriega decided to become a primary drug conduit and looked the other way as his military took to brutalizing US service members and their wives.

      Iraq - warm and fuzzy Saddam invades neighbor and appears to have desire to go to Saudi, potentially throwing geopolitical and economic stability to the sewer.

      Somalia - Aidid hoards food from starving Somalis, we go to try to assist. Real bullies we were in trying to help out...

      Balkans - those nice, peace-loving Serbs and their enlightened ways of genocide, rape, etc. Bullies we were!!!

      Afghanistan - Wonderfully cordial and free thinking Taliban, harboring terrorists and disallowing sports, music, games, education for women, etc. Bullies we were!!!

      Iraq (2) - The nice man Saddam and his systematic use of rape as a torture tool, sons Uday and Qusay raping newlywed brides in front of grooms, killing Iraqi Olympic athletes who didn't measure up, putting living humans through shredders - how dare we bully those wonderful folks??!!!

      You are indeed a "soft_guy", in more ways than you know. You're also a hopelessly twisted moonbat with a phase inverted worldview.

    3. Re:Hysterical rubbish by XSforMe · · Score: 2, Interesting

      "Government however should promote within its own and never send work away."

      Not too long ago, I had the chance to go to a contractor convention of one of our major clients. There, I had the chance to meet our Chinese counterpart and even though he seemed very energetic and enthusiastic, it was apparent he was far from being on the same level as most of the contractors over there.

      Later on, I asked our client what was the deal with the Chinese contractor. It turns out the client won a huge government contract, but within the contract, there was a clause which stipulated that 85% of the workforce used to execute the contract had to be Chinese, and if required the contractor would be in need to train such required workforce.

      I guess that explains a lot on how these people are achieving such levels of productivity in such a short time.

      --
      My other OS is the MCP!
    4. Re:Hysterical rubbish by ArcherB · · Score: 2, Insightful

      So if a country's leaders are assholes, then the US has the right to butcher its people????

      Where do you come up with this garbage? After all the wars listed by GP, we have yet to fill up a single mass grave of civilians. We have, however, found many filled by the country's previous asshole leaders. No one seems to give a shit about that!

      So, to edit your statement to make it true:
      So if a country's leaders are assholes, then the US has the duty to prevent the butchering of its people????

      --
      There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
    5. Re:Hysterical rubbish by gb506 · · Score: 2, Insightful

      No, ArcherB, foreign leaders murdering their own people is only a good thing to wring our collective hands and talk about, not to actually do anything about...

  2. Appeals to emotion for fun and profit by Control+Group · · Score: 3, Insightful

    "Pentagon officials report that 'maliciously placed code' could compromise the security of the Defense Department and, ultimately, hurt its ability to fight wars. The culprits: offshore programmers. While the Pentagon has stepped up its vendor screening and software testing of late, it's becoming more difficult and costly to test every line of software code on increasingly sophisticated weapons systems. The task force assigned to this issue will be soon presenting its report, and most likely will determine that offshoring presents too great a risk."
    Blaming "offshoring" is a neat wave of the bloody shirt, but I don't think it's relevant to the problem. Take the word "offshoring" out of that quote, and replace it with "outsourcing." Does it still make sense? Let's see:

    "Pentagon officials report that 'maliciously placed code' could compromise the security of the Defense Department and, ultimately, hurt its ability to fight wars. The culprits: offshore programmers. While the Pentagon has stepped up its vendor screening and software testing of late, it's becoming more difficult and costly to test every line of software code on increasingly sophisticated weapons systems. The task force assigned to this issue will be soon presenting its report, and most likely will determine that outsourcing presents too great a risk."

    Looks like it does.

    If the problem is that there aren't enough resources (including time) to do a sufficiently thorough audit of all the code, then it doesn't matter where the code was written, does it? Do we really suppose that a malicious actor would have that much harder a time getting a job for a DoD contractor in the US than overseas? Do we really suppose that it would be that much more difficult to suborn a programmer overseas than here?

    Or, more accurately, is it enough more difficult in either case for us to be confident of code written inside the country as opposed to outside?

    It's not that I do think that offshored code is trustworthy, it's that I don't think "onshored" code is. And if we can't trust either, what does offshoring have to do with anything?

    --

    Reality has a conservative bias: it conserves mass, energy, momentum...
    1. Re:Appeals to emotion for fun and profit by Ana10g · · Score: 3, Interesting
      Do we really suppose that a malicious actor would have that much harder a time getting a job for a DoD contractor in the US than overseas? Do we really suppose that it would be that much more difficult to suborn a programmer overseas than here?


      Yes and yes (good word, by the way, had to look up "suborn"). We may not have the man power here to conduct a thorough, line by line audit, but we do have legions of background investigators. And, it's currently illegal for a non-US citizen to hold a security clearance, for good reason (you cannot let the fox into the hen house, after all). It's pretty much a moot point of offshoring work requiring a clearance, as it's illegal. More important to the discussion is the use of off the shelf components in developed software. This is where it gets a little fuzzy. Certain countries can be trusted, some cannot, and, by extension, companies based in those countries are not to be trusted either. Long story short, a lot of redevelopment occurs because offshore vendors are not trusted. It's a good and a bad thing. Costs more, provides Americans with jobs that will not go overseas. Provides level of safety and security by ensuring code is developed by trustworthy people, but shorts out talented programmers overseas.

      I mean, seriously, who wants to buy fire control radar components from AlQaeda.com?
      --
      just an analog boy living in a digital age.
    2. Re:Appeals to emotion for fun and profit by thermopile · · Score: 2, Interesting
      Here's why the US government is so concerned about someone hiding a trojan horse inside sensitive code: The U.S. has done it to other countries before.

      Click here for a fascinating article describing how the CIA and FBI managed to sell to the Soviets some chips with bungled operations "hidden" in the chips, to be used for their shiny, new Trans-Siberian natural gas pipeline. The result was the largest non-nuclear explosion ever seen from space.

      What goes around, comes around, and the government is getting nervous...

      --

      "Diplomacy is something you do until you find a rock." --Richard Pound

  3. Yeah, just think... by inviolet · · Score: 2, Funny

    ...what if they'd offshored WOPR?

    "How about a nice game of Chinese Checkers?"

    --
    FATMOUSE + YOU = FATMOUSE
  4. New tag: "noshit" by Kadin2048 · · Score: 2, Insightful

    I'm glad the Pentagon finally woke up to reality, where maybe it's not such a hot idea to pay some Indian contract programmers a few bucks an hour to write the firmware for your cruise missiles.

    I'm not sure of the exact law, but I believe there is one which basically says, all U.S. defense procurement must come from domestic sources, unless it's some exceptional item that can only be purchased abroad. Maybe we need a law like that for government contracting and outsourcing. Unless there's a demonstrable reason for having to do it offshore, it shouldn't be.

    --
    "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  5. Inconsistency by Flying+pig · · Score: 4, Interesting
    The UK government buys military equipment from the US which contains software which it is not permitted to review, and indeed for which it may not be allowed the latest version. And we are supposed to be about the only real international friend the US can rely on.

    And this software which we are not allowed to review may have been written by offshore programmers who will know perfectly well that they are doing the job because they are cheaper, and have absolutely no patriotic investment in the US?

    I wonder how many other global empires have been brought down by the desire to make a quick buck?

    --
    Pining for the fjords
  6. Re:Scary!!! by Sepper · · Score: 2, Insightful

    What scares me the most is the fact that they even gave offshoring a consideration!!!

    The DOD didn't do it themselves... they outsourced it to contractor 1 who outsourced part 1A and 3B to contractor 2 who outsourced it offshore.

    --
    I live in Soviet Canuckistan you insensitive clod!
  7. Already affecting the military by britneys+9th+husband · · Score: 4, Interesting

    Maliciously placed software code is already weakening our military and hurting its ability to effectively fight wars. And that code was developed by Diebold right here in the USA.

    --
    Hear recorded Slashdot headlines on your phone! New service beta testing. Just call (248) 434-5508
  8. Re: Background checks... was Appeals to emotion by guacamole+rocks · · Score: 2, Interesting
    If the problem is that there aren't enough resources (including time) to do a sufficiently thorough audit of all the code, then it doesn't matter where the code was written, does it? Do we really suppose that a malicious actor would have that much harder a time getting a job for a DoD contractor in the US than overseas? Do we really suppose that it would be that much more difficult to suborn a programmer overseas than here? Or, more accurately, is it enough more difficult in either case for us to be confident of code written inside the country as opposed to outside?

    Yes, in fact we can be more confident of US code. When the US Government subcontracts to someone in the US, there are two dynamics in our favor...

    1. The US does not have the kind of economic forces that encourage the kind of high turnover that is typically seen in places like India (as an example). As a former employee of an embedded-systems company, I heard all about the rampant problems that our foreign outsourcing partners had... including competitors who would wave a few more rupees at them and they immediately flee (taking our proprietary knowledge with them).

    So, how does this contribute to this discussion about hidden backdoors in Government software? The problem is that higher turnover means less incentive for the contracting company to do their due diligence on the next guy... knowing that a significant portion of them will be gone within months. It also means an easier time for say an Iranian or Pakistani with a grudge to start working for the same company...

    2. It is much easier to ensure you are getting good background checks in the US... the Feds can audit the contractors' employees' backgrounds... much harder to do on foreign soil.