In theory, the Cold War ended in 1991, a warming of relations between Russia and the United States of America was to follow – although we know they’ve never really been that warm – but the notion of “reds under the bed” was supposed to be over – clearly it isn’t.
Earlier this week the US Department of Homeland Security told government departments and agencies that they should remove all Kaspersky Lab security software from their systems. The reason being that there are alleged ties between Kaspersky and Russian intelligence services.
Homeland Security took this step ahead of a vote in the US Senate which sought to prohibit the use of the software security firm’s technology by government. The vote has now taken place and the US government has unsurprisingly decided to ban the use of the technology.
“The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the department said in a statement.
To be clear, Kaspersky Lab has denied claims that it has any links to the Russian intelligence services, but the allegations have already led to Best Buy pulling the company’s software from its shelves and refusing to sell it.
No evidence has been made public regarding any allegations.
Eugene Kaspersky, CEO & founder of Kaspersky Lab said in a Tweet regarding the Us government decision:
This situation hasn’t just materialised out of the blue, but has dramatically escalated over the past two weeks. At the start of September a US Senator by the name of Jeanne Shaheen wrote an op-ed in the New York Times, “The Russian Company That is a Danger to Our Security.”
The article outlines how big of a threat Russia is, “waging a cyberwar against out NATO allies and is probing opportunities to use similar tactics against democracies worldwide,” and questions why “millions of Americans unwittingly inviting this threat into their cyber networks and secure spaces?” Referring to Kaspersky.
Whilst it is said that the heads of the six top intelligence agencies all said no as to whether or not they would be comfortable with Kaspersky Lab software on their agencies’ computers. Although evidence is typically required to back up all the claims made in the article, a get out of, “I cannot disclose the classified assessments that prompted the intelligence chiefs’ response,” is a sure-fire way of stirring the pot without actually backing up the claims.
Kaspersky responded by saying that the piece: “is not only damaging the reputation and livelihood of the 300-plus Kaspersky Lab employees in the United States, but also detracting from valid concerns about the ability of different nations to engage in cyberespionage and to direct digitally enabled attacks against critical infrastructure.”
“Are we now banning companies based on its origin? Is it really the path we go on now? Imagine just how easy it is for any other country to exclude, for example, Microsoft, Oracle, SAP, Hitachi from governmental contracts based on allegations and speculations, without evidence saying “They’re a potential threat…; we’re very concerned about them [foreign software developers] and the security of our country!…”
And states that, “misinformation and inaccurate perceptions are driving forward a dangerous agenda that may impact global cybersecurity, as origin may start dictating what technology is used instead of being able to choose the best solutions and experts available.”
Should countries start banning the sales of tech products from companies that have any kind of ties with a regime they do not like then we should find ourselves in all sorts of bother.
The fact is that many tech companies work with a large number of government organisations around the world. It is the duty of the government organisation to vet the technology it is using, if it is not up to scratch or they find that data is shared illegally with external organisations – this would surely be included in any government contract that no data from their systems should be shared – then it is their duty to either bring a case against the offending party.
Given that no evidence has been presented, other than the fact that Kaspersky is a Russian company and Eugene Kaspersky worked as a software engineer for Soviet military intelligence, the targeting of Kaspersky Labs feels like a Cold War witch hunt, one that is damaging to not just the company, but also to the idea of sharing data between government agencies, businesses, and cyber security firms to better combat threats from hackers.