American officials are worried that Russian software could be used to compromise national security, and they aren’t taking any chances. A draft version of the Senate’s National Defense Authorization Act, which greenlights military funding, explicitly bans the Department of Defense from using Kaspersky Lab’s security software over concerns that it could be “vulnerable to Russian government influence.” Senator Jeanne Shaheen, who added the clause, believes Kaspersky “cannot be trusted” to protect the US’ critical infrastructure. The links between the company and the Russian government are “very alarming,” she says.
Shaheen is referring to reports from outlets such as BuzzFeed News, which cited anonymous officials concerned that Kaspersky has a “close relationship” with the Russian government. There doesn’t appear to be hard evidence of a link, but there are worries that the US isn’t adequately vetting access agreements between Kaspersky and the third-party vendors that provide its tools to the American government. The firm has landed contracts with agencies ranging from the National Institutes of Health (in 2008) to the Consumer Product Safety Commission (in 2016), including some State Department offices.
Kaspersky, for its part, is vocally denying connections. It “has never helped, nor will help, any government in the world with its cyberespionage efforts,” according to repeated statements. We’ve reached out for comment on the NDAA bill and will let you know if Kaspersky has more to say.
Not that any denials are stopping law enforcement. NBC News has learned (and Kaspersky has since confirmed) that FBI agents interviewed “at least a dozen” Kaspersky staffers as part of a counter-intelligence investigation. The conversations were only meant to gather information about how the company works, including how its US-based division reports to Moscow, but they still indicate that the FBI is worried enough about possible influence from Putin’s camp that it wants more answers. There’s no sign that this is linked to investigations into Russian attempts to influence the US election through hacks.
It’s possible that the bill eventually signed into law could omit the Kaspersky ban. If it passes as-is, though, it would signal a fundamental change of attitude toward the use of Kaspersky’s software for important systems — just the chance that Russia could slip spyware through (even if it’s against Kaspersky’s will) would be considered too great a risk. A move certainly wouldn’t help alleviate tensions with Russia, which still denies any involvement in election-related hacks. Whether or not the fear is justified, it’s evident that Kaspersky will have trouble winning American contracts going forward.
Via: Dustin Volz (Twitter 1), (2), Reuters
Source: Senate (PDF), NBC News