DHS needs to be more forthcoming with what it knows about the company.
In a memorable episode of “The Sopranos,” Tony and two lieutenants murder a colleague they discovered has turned FBI informant. They shoot him on his boat and shove his weighted body into the ocean off New Jersey. In the pre-whack interrogation, they discover he’d flipped more than a year earlier. Thus, the damage was done.
This show came to mind when reading the Homeland Security binding operational directive to whack the cybersecurity software company Kaspersky Lab. The BOD has the cybersecurity world quivering; DHS gives agencies 90 days to remove Kaspersky products and software from their networks. Agencies now have less than 30 days to identify what Kaspersky products they use before they begin removing them.
Talk about a fire drill.
If Kaspersky is evil, then it’s got another 90 days to exfiltrate sensitive information, beyond the many years it’s already been doing so. If it’s totally above board, it’s getting unfairly caught up in broader political questions concerning Russia.
Yeah, it’s complicated.
But the Kaspersky question has been spreading for months. A Senate provision in the Defense Authorization bill would ban the company from selling to the government. FBI agents visited the homes of Kaspersky employees, according to several published reports. National Security Agency director Adm. Mike Rogers told senators he was personally involved in watching Kaspersky. Eugene Kaspersky himself has offered to let U.S. federal officials examine its source code.
DHS says it’s concerned that, under Russian law, intelligence agencies there have access to data about U.S. federal networks generated by Kaspersky software. DHS cites ties to the Russian government and certain Kaspersky officials. Kaspersky rebuts DHS’s contentions. DHS has given Kaspersky the chance to provide a written response. More might come out at a House Science Committee hearing later this month where Kaspersky, DHS, the National Institute of Standards and Technology and others have been invited to testify.
To me, this affair raises several more questions. For instance:
DHS took a highly visible action while providing little detail. We don’t know if something tangible happened or if the agency is just covering its keister. It should come clean, or at least cleaner, with what it knows. Many U.S. corporations that use Kaspersky Lab products would also like to know.
Copyright © 2024 Federal News Network. All rights reserved.
Tom Temin is host of the Federal Drive and has been providing insight on federal technology and management issues for more than 30 years.