U.S. Senate Prohibits the Use of Kaspersky in the U.S. Defense Department
Russian infiltration of US systems has long been a point of concern and for years, the FBI has been busy investigating possible Russian influence in U.S. government systems. In a recent spree of investigations, the FBI and the U.S. Senate consider the Moscow-based cyber security firm Kaspersky suspicious enough to warrant its ban in the US.
The reason for this suspicion is Eugene Kaspersky’s strong connection with the Russian government. In fact, he was KGB-schooled and proceeded to develop the most popular anti-virus used by millions of systems worldwide. The FBI considers the company as being, ‘vulnerable to Russian government influence,’ and recently investigated Kaspersky employees at their homes. Neither the FBI nor Kaspersky provided any comment regarding the FBI’s visits to Kaspersky employees at their homes.
An investigation by ABC News into the alleged role of Kaspersky in supporting the Russian government reveals that the FBI launched the investigation against the company years ago. It is only now that the agency has taken concrete steps to assess Kaspersky Lab’s relationship. It was only after this investigation that the U.S. Senate took to proposing a legislation imposing sanctions on Kaspersky Lab and prohibiting U.S Defense Department from using it.
The U.S. Senate Bill
ABC News published chunks of the draft copy of the amendment (which has not yet been released to the public) which clearly states that the U.S Senate amendment ‘prohibits the [Defense Department] from using software platforms developed by Kaspersky Lab.’ Furthermore, ‘No element of the Department of Defense may use, whether directly or through work with or on behalf of another … [element] of the United States Government, any software platform developed, in whole or in part, by Kaspersky Lab or any entity of which Kaspersky Lab has a majority ownership.” According to the draft, the Defense Department would have until October of next year to completely implement the change and utilize another system.
Kaspersky Agrees to Release Source Code
In a bid to overcome these allegations, Eugene Kaspersky has agreed to release the software’s source code to the U.S government proving its innocence. The company maintains in a statement that, ‘As a private company, Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyber espionage efforts.’ The company claims that there has is no, ‘hard evidence to back up these allegations.’
While U.S. lawmakers have their reasons for concerns, tech enthusiasts are not too happy with the idea of sharing source code. Primarily because Russia has been asking for source code from companies like IBM, CISCO, and other U.S based companies for ages. Both countries have been demanding source code from security firms and software programs in order to satisfy their concerns of cyber espionage. The risks to this demand are plenty especially since both countries are actively using cyber security vulnerabilities to create cyber weapons. Getting the source code of systems would be a destruction for both sides.
Talking about the matter, Rhett Jones from Gizmodo shares a valid concern as he says, ‘The fight over source code comes at a moment when Americans are deeply distrustful of the Russian government. The Russians alleged involvement in the hacking of the 2016 election combined with numerous suspicious ties to our president’s campaign has everyone on edge. But setting the precedent of gaining trust through source code access is dangerous, as is capitulating to those demands.’
Cybersecurity is the Hot Topic for 2017
Since 2016, cyber security has been a hot topic in the US. With leaked emails during the election campaigns, reports of Russia’s online meddling with U.S. systems and breached securities at government agencies, cybersecurity is a top concern. So much that in May of this year, President Trump signed an executive order on cybersecurity to ensure that government cyber systems were powerful and secure.
Penetrating cyber systems to disrupt a government is not new and while Russia has been accused of the Yahoo email breach, the DNC hacking, the U.S. has been turning security vulnerabilities into cyber weapons. The malware attacks that have been going around lately is one such example of the NSA using vulnerabilities in Microsoft to invade target systems. Unfortunately, NSA’s strategy was leaked to the public by Shadow Brokers, a group of mysterious hackers. Once leaked, the tools were picked up by malicious hackers who disrupted major industries and companies of the world with dangerous ransomware as the WannaCry and the Petya.
Commenting on the implications of sharing source code and leaking vulnerabilities, Rhett says, ‘Lawmakers have every right to worry about Kaspersky Labs’ products being used on official government systems. If they have some sort of knowledge that we don’t, they should cut ties. But setting this sort of precedent is not a good sign. Kaspersky agreeing to the demand is not a good sign. Numerous western companies doing the same for Russia is not a good sign. In the same way that experts say that you shouldn’t pay the ransom when hit by ransomware, tech companies need to block this coercion before it gets out of control.’ Rhett is not wrong with his concern. In an age where the real world depends on the cyber world to function optimally, should source code and vulnerabilities be made easily available to a government only to fend off an allegation? This is a question tech experts should take to answering. Afterall, cyber espionage, security, and vulnerabilities affect us all, not just the government.