Sept. 21, 2017 | By Holly Dragoo
The U.S. Senate passed the Defense Authorization Act, including an amendment banning cybersecurity firm Kaspersky Labs from use by federal agencies. This comes after briefings from the Department of Homeland Security and a White House directive alleging the software has both political and digital connections to Russian government stakeholders. Kaspersky denies any governmental ties, and has offered to testify before Congress, stating there are no “backdoors” or covert channels for secret use in their products. While it is not law yet, it is expected to pass as part of the FY 18 National Defense Authorization Act.
IISP Analyst Holly Dragoo: "Kaspersky’s anti-virus products and Threat Post blog have been increasingly used in U.S. markets in recent years, including government offices, in spite of CEO Eugene Kaspersky’s well-known KGB training and Russian government milieu. This is in part due to an aggressive marketing push by the company, and possibly because these types of products have been (naively) perceived as non-threatening since it’s industry standard to share threat information with a cybersecurity vendor for aggregate analysis. I would argue this alone should be cause for concern; 'backdoors' are unnecessary when your internal network data is being routed to a vendor’s headquarters in a hostile country. Never mind that Russian law requires service providers like KL to install monitoring equipment accessible to the FSB – an actual 'front door.' When Kaspersky branched out into developing operating systems and SCADA/ICS system software, however, I think people started to wake up and pump the brakes on procurement. It’s about time."
For further reading
- U.S. Senator Jeanne Shaheen: https://www.shaheen.senate.gov/news/press/shaheens-legislation-to-ban-kaspersky-software-government-wide-passes-senate-as-part-of-annual-defense-bill-
- The New York Times: https://www.nytimes.com/2017/09/04/opinion/kapersky-russia-cybersecurity.html?mcubz=1&_r=0
- RussiaToday: https://www.rt.com/business/403814-kaspersky-lab-reaction-us-ban/