Defense worried about Israeli acquisition of SourceFire

United Arab Emirates control of US ports is not the only deal with national security implications facing scrutiny. The administration group that's doing a 45-day review of the ports deal is also looking at the sale of a small US company to Israel's Check Point, AP reports.

Defense and FBI officials raised yellow flags over the deal because Md.-based SourceFire is the creator of the open source program Snort - "single most widely deployed intrusion prevention and detection technology in the world," as SourceFire says.

Sourcefire's protection and monitoring technology builds on the popularity of Snort, which was created by its chief technology officer and is distributed free. Unlike Sourcefire's commercial products, Snort's [source code is] open for inspection to assure it works as advertised. This makes it popular inside the U.S. intelligence community, even alongside more mainstream security products from Cisco Systems Inc. or Juniper Networks Inc.

The concern seems to be that with many government computers running Snort, and SourceFire's Snort-based products and services in Israeli hands, that security will be compromised. A larger concern may be whether the acquisition will put an end to Snort's open source status.

In private meetings between the panel and Check Point, officials from the FBI and Defense Department objected forcefully to permitting any foreign company to acquire some sensitive Sourcefire technology for preventing hacker break-ins and monitoring data traffic, an executive familiar with the discussions told The Associated Press. This executive spoke on condition of anonymity because government negotiations are supposed to remain confidential.

Under the sale, publicly announced Oct. 6, Check Point would own all Sourcefire's patents, source-code blueprints for its software and the expertise of employees.

William Reinsch, a former senior U.S. official who participated in reviews under President Clinton, said the Israeli sale involves more dire security issues than the administration's recent approval for a Dubai-owned company to take over significant operations at six major American ports.

"This raises a lot more important issues," said Reinsch, a former Commerce Department undersecretary. "The most important case is where we're making an irrevocable technology transfer to a foreign party. Port operations raise security issues, but the ports are still in the United States."