
Congress may ban Kaspersky software from Pentagon


Shall we pop down the rabbit hole? Senator Jeanne Shaheen (D-NH) has introduced an amendment to ban Kaspersky security software from the Pentagon and from any agency connecting to the Pentagon. This would effectively kill Kaspersky at the federal government level and crater their sales elsewhere in the country. Her reasoning is that the FBI has questioned Kaspersky employees here and the company is based in Russia, which seems a bit flimsy. However, there is an FSB document authorizing Kaspersky that uses a military intelligence unit number, which apparently is quite unusual.

“That strikes me as much more persuasive public evidence,” said Paul Rosenzweig, a former deputy secretary for policy at the Department of Homeland Security. “It makes it far more likely that much of the rumor and uncertainty about Kaspersky are true.”

The US government needs to show some evidence Kaspersky computer security is compromised before banning it. It shouldn’t be banned just because it’s from Russia and Kaspersky was in intelligence at one time. They are a world leader in computer security. Plenty of computer security companies here have people who were in intelligence, and their companies probably have government contracts too. Does that mean those companies are automatically compromised? Are we sure Norton doesn’t have back doors? (I’m not claiming at all that it does, just using it as an example.)

Astonishingly, Kaspersky says they will turn over source code to the US government to be inspected. However, even that might not be enough, because code audits won’t prove much.

“A code audit is not really the issue here,” Williams, a former NSA employee, said. “First, a source code audit is a point in time. So what we see today may not be the code used to build the product tomorrow. Second, the compiled code may contain backdoors not in the originally compiled source. These are non-trivial to detect.”

Russia says if this happens they will retaliate, yet I’m not sure how they could. They can’t really ban US software like Microsoft Windows and Office or Apple iOS products because what would they replace them with?

Any “unilateral political sanctions” by the U.S. may prompt a response from Russia, whose government systems use “a huge proportion of American software and hardware solutions in the IT sphere, even in very sensitive areas,” Nikiforov said in an interview on Friday. He declined to identify U.S. software products that may be affected by any reciprocal sanctions.

Eugene Kaspersky, founder of the company, says:

“Now, only a few weeks after WannaCry, Kaspersky Lab is facing one of the most serious challenges to its business yet, given that members of the U.S. government wrongly believe the company or I or both are somehow tied to the Russian government. Without any evidence presented (because there isn’t any), these false assumptions have led to an extreme new measure. Currently there is language included in a draft authorization bill that would prohibit the U.S. Department of Defense from using Kaspersky Lab products, reportedly due to concerns that the company ‘might be vulnerable to Russian government influence’. ARE YOU KIDDING ME?!”