Defense

Log4J flaw causing Army to take second look at open source software

Army CIO Raj Iyer says the department is putting "extra effort" into cybersecurity following discovery of the vulnerability last year.

By Jackson Barnett

January 13, 2022

Army CIO Dr. Raj Iyer gives out a service award at the Pentagon’s Hall of Heroes Dec. 15 2020. (Emanuel Cavallaro / DVIDS)

The Army has been watching the Log4J vulnerability closely as it looks to open source software as a way to cut licensing costs, Army CIO Raj Iyer said Thursday.

The Army already spends more than $2 billion a year on software licenses, and in a political environment where the department’s overall budget is likely to be cut, saving every dollar has become an imperative. Open source software is still an option, but more attention is needed on the provenance of code that the Army uses from the open source community, he said.

“We definitely are a believer in open source, but it means we have to put extra effort from a cybersecurity perspective,” Iyer said during AFCEA NOVA’s Army IT day.

The comments came as technology giants and federal agencies this morning met at the White House to discuss open-source software security in response to concerns over the widespread Log4j vulnerability.

Log4j is widely used open source logging software for websites. It was discovered in November that a vulnerability allowed attackers to remotely access networks through the software, causing concern across industry and the government. Other government agencies have been watching it closely and urging both federal agencies and private sector companies to patch their systems.

Open source tools offer the Army the possibility to reduce the cost of their system. To use it, though, Iyer wants a more robust governance system of how code is reviewed before it can touch Army tech. One of the biggest concerns is ensuring there is visibility on where the code comes from and that its origins are not in adversarial countries that could insert backdoors into software.

But if done right, Iyer sees an opportunity to reduce costs.

“It’s truly an imperative for me to bring down our bills,” he said.

Log4J flaw causing Army to take second look at open source software

More Like This

MPEs gain momentum for sharing information with allied partners

State Department officials say they’re trying to set the tone globally on AI usage, as lawmakers question if it’s enough

Experts warn of ‘contradictions’ in Biden administration’s top AI policy documents

Top Stories

Congressional panel outlines five guardrails for AI use in House

With 2023 tax season in the rearview, IRS commissioner eyes expansion of AI capabilities

Federal CIO calls on Congress to fund Technology Modernization Fund

CMS’s financial office is using LLM pilot to combat loss of institutional knowledge

Top public sector takeaways from Google Cloud Next 2024

Commerce requests information about AI, open data assets, data dissemination

Commerce adds five members to AI Safety Institute leadership

Kiran Ahuja to step down as OPM director

More Scoops

Senators reintroduce bipartisan bill to push for open source software security within federal gov

Software bills of material face long road to adoption

US Merit Systems Protection Board compromised in Iranian government-linked hack: report

Cyber Safety Review Board ‘moving quickly’ on second report: DHS Under Secretary

Senators propose open source software risk framework in new bill

NSA, CISA release compendium of security practices for software developers

DHS board: No one used software inventories to find vulnerable Log4j deployments

Latest Podcasts

Log4J flaw causing Army to take second look at open source software

Darryl Peek on Elastic’s role in enhancing public sector search and data analytics with AI and Google collaboration

Danny Werfel on How Automation has Enhanced his Agency’s Operations.

ManTech leaders discuss innovation and security with Google technologies

Tech

Defense

Cyber

Acquisition