Now that hysterical anti-Trumpers have failed to prove collusion between Putin and the president, they are going after anything that breathes Russian air. Unfortunately, the crazed behavior has extended to include members of Congress.
The Senate Armed Services Committee, in an attempt to “counter Russian aggression,” is now proposing the entire Department of Defense be prohibited from using any software developed by Kaspersky Labs, a leading cybersecurity technology company, which happens to be headquartered in Moscow. They are additionally drafting legislation that singles out Kaspersky and broadly includes any company “operating from Moscow” that will make this ill-conceived ban a law.
Kaspersky Labs is probably the single most-respected cybersecurity research and development company on the planet. It is usually first to digest and dissect the inner-workings of zero-day malware and have a long and highly respected history of doggedly pursuing adversary cybercrime campaigns — and openly sharing the results with actionable information and intelligence throughout the InfoSec and cybersecurity community.
[lz_ndn video= 32622362]
Big fans of Kaspersky include guys like Robert M. Lee, the CEO of the industrial cybersecurity firm Dragos, an industrial control security instructor at SANS Institute, and a former U.S. Air Force cyberwarfare operations officer. Of the hundreds of thousands of information security professionals in the world, you would be hard-pressed to find a single person who has a negative view of the company.
I thought Congress was supposed to be a thoughtful and studious body of pre-eminent thinkers in America who are voted into office to look out for the best interests of the American public. And it would seem to me that if you don’t understand something very well but are held responsible for outcomes, then you would consult with domain experts before making decisions that affect the domain.
Apparently not. Not a single member of the Senate committee has apparently bothered to query anyone in the private sector about this Kaspersky ban before cranking out this National Defense Authorization Act markup. If passed, it will have a serious, deleterious effect on every cybersecurity company in every country and on the Department of Defense, and on all of our collective efforts to combat cyber threats.
News for the Informed American Patriot
Sign up for our twice-daily emails and stay up-to-date on the most important news and commentary!
It’s not enough that the NSA and CIA are continually allowed to feed the enemy through their failed operational processes. Now we ban a premium source of cyber-intel on top of that. What’s next? A ban on TrendMicro because Eva Chang, its CEO, is Chinese? Technically, Chang was born in Taiwan, but to the esteemed members of the Senate committee, maybe that won’t make any difference.
In response, and in an effort to prove that the company doesn’t behave maliciously, Mr. Kaspersky has offered (reasonably) to share his source code and testify in front of Congress.
And surprise, surprise, a senior Russian government official has warned that Moscow may retaliate if the Senate moves to ban the use of Kaspersky Lab software by government agencies, by ceasing its widespread use of American technology software and hardware.
If this move by the Senate is a belated response to Moscow’s alleged interference in the 2016 U.S. presidential election, it is beyond disgraceful. No one anywhere has ever suggested that software from Kaspersky Lab was involved in any way. And of course, as with other Congressional mandates, the practical implications are nearly impossible to sort out.
Kaspersky Lab software is used by many U.S. government agencies, but it’s not clear how much it might be used by the Defense Department because the software is frequently provided by third-party resellers and vendors. The General Services Administration also says it’s not clear how extensively Kaspersky Lab’s software is used across the U.S. government, including in which agencies because among other things, it is integrated with over 3,500 different products.
If the rest of the world reacts in kind with what the Russian government official has threatened, and we begin to globally sort out products by national origin, the result will affect U.S. commerce far more disproportionately than it will foreign products. Are they unaware that most cybersecurity, operating system, database and application software is built in America?
Or have they forgotten the global response to PRISM, the revelation that the U.S. was using cloud services to spy on foreign governments, whereupon the EU reaction was to advise businesses not to use U.S. cloud-service providers?
So if we can’t stop this stupid Senate action, at least we should take up Kaspersky’s offer on the source code review. Sharing source code is a common practice for U.S. software vendors operating under foreign government oversight in international markets. It will reveal — or fail to reveal — all that sinister manipulative code that the Senate imagines Kaspersky is using to tear down our government.
Steve King is the COO of Netswitch Technology Management.