The threat of Russian interference in the activities of the U.S. government, a drama that has been unfolding over the past several months, is now one that has entered the realm of cybersecurity. The FBI is currently investigating whether Kaspersky Lab, provider of anti-virus and cybersecurity software, has ties to Russian military and intelligence.
A leader in cybersecurity, with 400 million users worldwide, company leaders have denied ties to Russian military and intelligence since Kaspersky Lab was established in 1997. As a measure of precaution, however, the U.S. government recently announced that agencies have 90 days to remove Kaspersky software from their systems. This software ban could set a concerning precedent for the global cybersecurity industry.
What are the concerns?
Kaspersky software was once a major component of the U.S. government cybersecurity strategy, with anti-virus products protecting privileged files. There are now concerns from top government officials that at any point, the Russian government could place pressure on Kaspersky Lab to allow access to critical U.S. government information. Despite Kaspersky’s denial of any allegations and their offer to allow the U.S. to inspect its source code, security officials no longer have faith in Kaspersky products. This is based on the ability to access and compromise federal information that could impact national security through an undetected back door.
What does this mean for borderless cybersecurity?
Currently, the global cybersecurity industry relies on mutual trust among the top firms. Kaspersky Lab, in partnership with U.S. software firm, Symantec, identified the Regin trojan, a cyber-weapon already deployed throughout the intelligence community that could yet have international repercussions. However, this movement to establish borders on cybersecurity not only restricts the flow of critical information that could be used in mitigating threats, but it shifts the level of confidence from one of trust to that of suspicion. Ultimately, the ensuing defense posture will hinder efforts to prevent global threats.
Best Buy has also taken action, removing Kaspersky products from their shelves, but their software products are still widely used in many American and Canadian households. Eliminating Kaspersky products completely will involve an entire shift in the national security infrastructure, significantly impacting cybersecurity.
The successful management of cybersecurity threats has relied on an international pool of experts. The Kaspersky ban, despite good intentions, could impact government and private businesses, as credible cybersecurity threats may go undetected. Confining cybersecurity to national software has the potential to reduce some risks, yet exacerbate others, and the entire industry will feel the impact either way.
If you are concerned about your cybersecurity, want to explore options beyond Kaspersky, or have insight into the impact this will have internationally, we’d love to hear your thoughts. Please comment below or join our conversation on Facebook.