The council will provide recommendations to executive agencies that certain products that pose supply-chain threats be excluded from agency procurement or be removed from agency networks.
Latest in Kaspersky
As the competition for 5G continues, one of the largest players, Chinese company Huawei Technologies, is facing concerns from numerous countries that using Huawei equipment exposes their national networks to spying or worse by the Chinese government.
Most Lawfare readers will be familiar with Kaspersky Labs, the Russian cybersecurity firm. Many American cyberspecurity experts (including Rick Ledgett, Nicholas Weaver, and me) have been skeptical about the firm, suspecting that its connections to the Russian government were not wholly benign. We were not alone in that concern: eventually the U.S.
In December 2017, the Russia-based cybersecurity firm Kaspersky Lab filed suit against the Department of Homeland Security over an order labeling Kaspersky software an “information security risk” and ordering the removal of all relevant software from government national security systems after a review process of 90 days.
The House Committee on Science, Space, and Technology is holding a hearing on "Assessing the Risk of Kaspersky Lab Products to the Federal Government."
The following witnesses will testify:
Kaspersky Lab has been under intense fire recently for allegedly using, or allowing Russian government agents to use, its signature anti-virus software to retrieve supposed National Security Agency tools from the home computer of an NSA employee. This follows activities from the U.S. government including Sen. Jeanne Shaheen's proposed legislation to ban Kaspersky products from use by the government and a binding operational directive from the Department of Homeland Security that does the same.
Kaspersky Lab is an excellent company with a solid reputation for building good security products. For most users, there is no meaningful distinction between Kaspersky, Symantec, or F-Secure as sources for antivirus and related tools. All are good options.
A recent AP story notes that senior U.S. intelligence officials do not recommend Kaspersky's anti-virus products. Attempting to rebut the concern, Eugene Kaspersky has offered to allow the inspection of the source code of his anti-virus products. For reasons that Herb Lin ably outlines, that offer is inadequate to establish the lack of Russian government influence.
A recent AP story notes that senior U.S. intelligence officials have advised Congress to steer well clear of Kaspersky's products. In response to such U.S. government concerns, Eugene Kaspersky has offered to allow the inspection of the source code of his anti-virus products.