Top IT consultants in the UK are advising the U.S. military, government and other critical agencies that their commercial software outsourcing is leaving them open to serious security risks and possibly a major cyber terrorist attack. Experts at the Cyber Defense Agency (CDA) feel that gas, electricity and telecommunication companies and banks could find themselves under attack by those hoping to take advantage of software code weaknesses, leading to “life-cycle” attacks, which happen when one line of code out of millions gives access to problems with the software and opens it up to infiltration.
An IT consultant spokesman confirmed the rumor that CDA had warned the U.S. government of national security threats, but said it had not yet shared this information with the UK government, mainly because the Agency is not in direct contact with it. When informing the U.S., IT consultants backed their statements with fresh Department of Defense research conducted by national security experts. The report stated that less expensively built software created by overseas labor is the most vulnerable. Many experts feel these outsourced projects are helping terrorists to plan an organized attack against the U.S. The longer U.S. IT consultants and government officials wait to address these coding problems, the greater the threat will become.
UK IT consultants are advising that large software companies insist on organized security reviews of their own code, as well as of third-party code and open source code. An in-depth security review by experts would help detect life-cycle attacks and decrease the risk of serious damage to major organizations. Many of these reviews could be done automatically by secure software.
Blogged By: Computer Consulting 101 Professional Kit