Security fears scuttle deals

Sourcefire episode reflects shift against foreign-owner roles


The collapse of a deal to sell a Columbia software maker to an Israeli company signals a sharp shift in sentiment against foreign ownership of any assets that could possibly have national security implications, experts said yesterday.

Israel-based Check Point Software Technologies Ltd. bowed out Thursday from its plans to buy the local Sourcefire Inc., a maker of network security technology that is used by a variety of customers, including federal intelligence agencies. The announcement came the same day that a federal panel of 12 government bodies was set to conclude an investigation into the $225 million deal.

The scuttled sale is "just the tip of the iceberg" in the new political climate created by the uproar over the Dubai ports deal, said John Rollins, former chief of staff for intelligence at the Homeland Security department.

"You can make the case on almost any foreign ownership issue that there is a national security nexus," said Rollins, who is now a terrorism and foreign affairs specialist with the Congressional Research Service, the nonpartisan research arm of Congress.

A federal law enforcement source who spoke on condition of anonymity said yesterday that the FBI feared that the sale would give a foreign entity crucial information about where the government's systems are - and aren't - secure. If Check Point had control of the software, it would have been able to "understand what the vulnerabilities would be and therefore be able to exploit them," the official said.

But the U.S. technology industry has sent so much work offshore that a great deal of software used by the government is coded and supported outside the United States, particularly in India, Rollins said. Such arrangements are going unscrutinized, Rollins said.

Sourcefire chief executive Wayne Jackson said yesterday that he had been operating since the deal was struck in October on the assumption that - for whatever reason - it might not be consummated.

"We're emerging from this disappointed, given our hard work associated with the transaction, but gratified that the company's in as good a position as it is," said Jackson, who reported this week that the privately held Sourcefire became profitable last year and increased revenues more than 70 percent. "You can expect that we will continue to be very aggressive."

It's "absolutely a possibility" that Sourcefire will look to acquire rather than be acquired, Jackson said.

Jeffrey W. Englander, an independent analyst who follows the information security industry, said an initial public offering is another possibility this year.

Sourcefire manages an open-source intrusion protection system called Snort and sells software designed to work with that technology, further bolstering network security.

The code for open-source technology is free and available for anyone to see.

About 13 percent of Sourcefire's revenue comes from the government, though it says that what it sells to federal agencies is identical to the products it sells to everyone else.

William Lucyshyn, an information security expert who is director of research at the Center for Public Policy and Private Enterprise at the University of Maryland, College Park, said Snort is widely used inside and outside government.

"Sourcefire is one of the technical leaders in intrusion detection systems," he said.

Federal agencies could have conceivably swapped the Sourcefire software for another company's, but the law enforcement source said that would come at "great cost" because it is so integrated into government computer systems.

Still, the national security implications of a Sourcefire sale seem dubious to some technology experts - particularly a sale to Check Point, which provides firewall protection to a wide swath of corporate America.

Any tech employee, American or otherwise, could try to develop software with malicious code such as "back door" points of entry into a network, the technology experts said.

"If you're afraid of 'back doors,' you better be testing all your software," said John Pescatore, a vice president for Internet security at Gartner Inc., an information technology research and analysis company.

If malicious code were inserted in Microsoft Corp.'s ubiquitous Windows software, it would probably cause more problems than compromised network security software could, added Doug Jacobson, an associate professor at Iowa State University whose specialty is network security.

If Sourcefire's intrusion detection technology didn't work properly, "it'd be like spray-painting over the camera watching over the entrance to the bank," he said. "You still got to break into the bank."

Sourcefire's investors, who include the state of Maryland, stood to make millions if the deal had gone through.

The Maryland Venture Fund funneled $550,000 into Sourcefire in 2002 and was expecting a payout of about $4 million - seven times its investment. At the time the deal was announced, fund manager Elizabeth Good said her team was "absolutely ecstatic."

Baltimore Sun Articles