Remember, US President Donald Trump promised: 'Buy American, Hire American' - the American swadeshi campaign? The promise carried him to the White House. The President's administration aggressively targeted the cyber sector and defense bureau. Trump targetting the acting forums and security agencies, made many pen open letters and lead to ‘political outcries' against the mishaps happening in the cyber sector. Despite this, the guns of the administration trained on Russian-based cyber security giant, Kaspersky.
Recently, the National Defense Authorization Act for FY 2018 (H.R. 2810) was signed by Trump on 12 December. The Act focuses on various funds to strengthen the Department of Defense and Department of Energy programmes. In addition,the changes in foreign affairs programs and a few other appropriations have been added. Noiselessly, the Act highlighted the ban of antivirus and security provider Kaspersky from the shade of Federal branches.
Under Section 1634 of the Act, the products and services provided by Kaspersky Lab will no longer serve the Federal service from 1 October 2018.
What was the trigger?
It all started when American paper, Wall Street Journal, published a report accusing Kaspersky with regard to secret data leak that happened two years ago. The fourth pillar's report alarmed the ‘hats’ in the US and made many switch to alternative security providers.
However, Kaspersky managed to maintain its reputation in the cyber market. On their own, the company investigated the issue and filed the report in November. The report revealed the fact behind the allegations. The samples verified in the investigation untied the knots. The ‘signatures’ found are linked to National Security Agency’s elite forum, Equation Group. Despite the report published and open letters sent to the authorities of Department of Homeland Security, it called for a ban of Kaspersky.
News Today contacted the headquarters of Kaspersky Lab to raise a few questions. Here are the excerpts:
Q: Though you (firm) have proved that you aren't responsible for the mishap that happened with NSA hack 2015, why is the American Federal government aggressive towards you?
A: As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that Kaspersky Lab is caught in the middle of a geopolitical fight. We make no apologies for being aggressive in the battle against malware and cyber criminals. The company actively detects and mitigates malware infections, regardless of the source, and we have been proudly doing so for 20 years, which has led to continuous top ratings in independent malware detection tests. It’s also important to note that Kaspersky Lab products adhere to cyber security industry’s strict standards and have similar levels of access and privileges to the systems they protect as any other popular security vendor in the US and around the world.
Q: According to the report published on 16 November, Kaspersky alleged NSA's elite forum, 'Equation' led to the mishap that happened with the system of former NSA employee (Nghia Hoang Pho - 67- Ellicott City, Maryland, who took documents that contained top-secret national information from the agency between 2010 and 2015). It found the samples collected were from the compromised system.
A: Because our software anonymizes certain aspects of users’ information, we are unable to pinpoint specifically who the user was. Even if we could, disclosing such information is against our policies and ethical standards.
Q: As Trump signed the bill recently to ban the use of Kaspersky security services in Federal agencies, will it affect the firm?
A: Although the US government sales have not been a significant part of the company’s activity in North America, the Congress singled out Kaspersky Lab based solely on the location of its headquarters, resulting in substantial and irreparable harm to the company, its US-based employees, and its US-based business partners. The company has operated in the region since 2005, and North America remains a strategic market for Kaspersky Lab. The company’s North American unit employs nearly 300 employees, including members of the expert Global Research and Analysis Team. Expanding the company’s presence in the region will better enable Kaspersky Lab to provide its customers with the best cyber security solutions and services.
Q: Though the ban is from October of next year, is there any chance to reconsider their decision? Have you moved any court to hold the ban?
A: Kaspersky Lab is assessing whether any further action is appropriate to protect our interests. In the meantime, it continues to prioritise protecting its customers from cyber threats, regardless of their origin and purpose, and collaborating globally with the IT security community to fight cyber crime.
Q: Do you think these actions are made to follow, 'Buy American and Be American', theme. Earlier, McAfee - a California-based AV firm campaigned against your company's products, when the NSA issue was at its peak.
A: There are often situations where competitors might use these media allegations to take advantage of the situation. Eugene Kaspersky tweeted about this recently.
Q: As you mentioned in the blog post at securelist.com, the signatures are pointing to the Equation Group for the comprise. When the signatures were cross-checked with online communities, the reports match a little. And at the end, Kaspersky mentioned that the system was compromised in 2014 with due to the use of malicious resources.
A: Kaspersky Lab, a private company, seems to be caught in the middle of a geopolitical fight where each side is attempting to use the company as a pawn in their political game.
Section 1634: (Prohibition on use of products and services developed and provided by Kaspersky Lab)
The Act states that no department, agency, organisation, or other element of the Federal government may use, whether directly or through work with or on behalf of another department, agency, organisation, or element of the Federal government, any hardware, software, or services developed or provided by Kaspersky in whole or in part.This Act comes into force 1 October 2018.
The Secretary of Defense, in consultation with the Secretary of Energy, the Secretary of Homeland Security, the Attorney General, the administrator of the General Services Administration, and the Director of National Intelligence, conducted a review of the procedures for removing suspect products or services from the information technology networks of the Federal government.