The Russian connectionDOD to remove Kaspersky software from Pentagon systems
The Department of Defense is reviewing its computer systems to make sure that software from under-suspicion Russian cybersecurity firm Kaspersky does not touch any military systems. In September DHS issued a directive to all civilian government agencies to remove Kaspersky software from their systems. The directive, which gave agencies three months to complete the removal, referred to deepening concerns in the U.S. intelligence community about the close relationship between Kaspersky and the Russian intelligence agencies.
Kaspersky Lab logo // Source: yahoo.com
The Department of Defense is reviewing its computer systems to make sure that software from under-suspicion Russian cybersecurity firm Kaspersky does not touch any military systems, a Defense spokeswoman told Nextgov.
In September DHS issued a directive to all civilian government agencies to remove Kaspersky software from their systems. The directive, which gave agencies three months to complete the removal, referred to deepening concerns in the U.S. intelligence community about the close relationship between Kaspersky and the Russian intelligence agencies.
The September directive did not apply to the Pentagon, which is outside DHS responsibility. Heather Babb, The Pentagon’s spokeswoman said, though, that the Pentagon plans to “follow the intent of the directive” and that the DOD CIO is assessing what changes need to be made, if any.
Babb did not provide information on whether any military system is currently running Kaspersky software.
NextGovnotes that in late 2014, DOD funded a contract for Kaspersky anti-virus software to be installed on 150 computers at the U.S. embassy in Cairo.
“The department actively reviews and ensures the security of its systems through a thorough screening process of all products to be used on the DOD information network,” Babb said.
On Thursday, Assistant Secretary of Defense for Homeland Defense and Global Security Kenneth Rapuano told the Senate Armed Services Committee that officials “have instructed the removal of Kaspersky from all DOD information systems.”
Intelligence officials have told NextGov said Kaspersky does not run on any of the systems of intelligence community, but that DOD has a much larger IT operation which is less self-contained.
The 13 September DHS directive does not say that the U.S. intelligence community found a direct link between Kaspersky and Russian intelligence, but only that the department is “concerned about the ties between certain Kaspersky officials and Russian intelligence” and about a Russian law requiring certain Russian companies to share source code with the government.
Company founder Eugene Kaspersky, a former KGB operative, has denied any ties between his company and Russian intelligence, but revelations about the extent of Russian interference in the 2016 U.S. election on behalf of Donald Trump has made the U.S. government more sensitive to the possibility of Russian cyberthreats.
On 5 October, the Wall Street Journal reported about a successful Russian hacking operation which leveraged Kaspersky anti-virus to steal National Security Agency hacking tools from an agency contractor’s home computer. The Journal noted that it was not clear whether Kaspersky was aware of the Russian intelligence’s use of the company systems, but cybersecurity experts said it is highly unlikely that the company could have been blind to the Russian intelligence’s exploits.
NextGov notes that a military-wide ban on Kaspersky was included in the Senate’s version of an annual defense policy bill which is now being negotiated between the House and Senate, and in separate standalone legislation introduced in June.