FIRST AIRED: October 2, 2017

>> As worries about Russian hacking swirled last year in the US, tech giant Hewlett Packard Enterprise was quietly sharing with Russia the inner workings of a sophisticated cyber defense system. The same system the Pentagon uses to guard its own computer networks. Reuters obtained exclusive details on HPE's decision to let Vladimir Putin's government see its source code, in order to sell software in Russia.
The program, called ArcSight, serves as a cyber nerve center for the US military, sounding an alarm when it detects network intruders. Reporter Joel Schectman broke the story.
>> The Army, Navy and Air Force all use ArcSight to protect their systems from foreign intrusion, and from cyber hackers. In order for Hewlett Packard Enterprise to be allowed to sell this cybersecurity software within Russia, they need to get a certification from a Russian defense agency called FSTEC.
The point of concern here is that, by allowing a Russian security agency to review the source code, they could have exposed unknown vulnerabilities. That Russia could use to undermine this software, and help gain access to Pentagon systems.
>> That review means allowing a government-sanctioned, Russian company, Echelon, to examine ArcSight's source code under supervision at an HPE facility outside Russia.
There's no evidence the review resulted in any security breaches, and even if they did, they would first have to breach the outer walls of an organization's network before getting to ArcSight. But the Russian access was still enough to make many experts uncomfortable.
>> So we spoke to a number of engineers who had worked for ArcSight, and we also spoke to a number of former NSA officials.
And all of them were either concerned, or outright alarmed that HP allowed a kind of Russian government review of the source code. Specifically because this system is something that's so widely used to protect the US Military from cyber attacks. And essentially, if you think about it, to really protect the US Military from cyber attacks from Russia.
>> The Pentagon says HPE never disclosed the Russian review to US officials, but doing so was perfectly legal. With no Federal laws stopping companies from sharing their source code with other nations to win contracts. This month HPE spun off its enterprise software business to British software company Micro Focus, who now control ArcSight.
HPE is hardly alone. Cisco, IBM, and SAP have also agreed to give Russia access to code. Though several firms, including Symantec, have refused.