RUBIO ON RUSSIAN CYBER FIRM
Sen. Marco Rubio questioned key cybersecurity officials, including the former director of the National Security Agency, about the use of Russian security software that has been linked to the Russian security services.
The Florida Republican disclosed during a recent hearing of the Senate Select Committee
on Intelligence that members of his presidential primary campaign last year had been targeted in cyberattacks from unidentified hackers in Russia. Computers used by Rubio aides were attacked by Russian hackers beginning in July in an unsuccessful attempt to gain access to internal campaign documents.
The senator then announced to the committee that on March 29 another unsuccessful Russian cyberattack was carried out against his former presidential campaign members.
Mr. Rubio then asked three cybersecurity experts testifying before the committee if they would use cybersecurity software produced by the Russiabased company known as Kaspersky Lab, and if they would recommend that senators use the company’s products.
“There have been open-source reports which I can cite from that basically say the Kaspersky Lab has a long history connecting them to the KGB successor, the Russian security services,” Mr. Rubio said.
Would the experts use Kaspersky Lab security products and should senators use the Russian software? the senator asked.
“I’ll answer by no, I wouldn’t,” said retired Gen. Keith Alexander, former director of the NSA, “and I wouldn’t recommend that you do it either. There are better capabilities here that you can use.”
Gen. Alexander said other U.S. security firms are more capable of dealing with cyberthreats and would be better at blocking those threats than Kaspersky.
Kevin Mandia, CEO of the cybersecurity firm FireEye was more circumspect.
“I think the way I’d address that is generally people’s products are better based on where they’re most located and what attacks they defend against,” Mr. Mandia said.
“My answer indirectly would be there would be better software probably available to you than Kaspersky to defend you here,” he added.
Thomas Rid, professor of security studies at King’s College, London, said he had no qualms about using Kaspersky products but recommended using competing security software in addition.
“A bit of a redundancy never harms, but it’s important to say that Kaspersky is not an arm of the Russian government,” Mr. Rid said.
Mr. Rid said he believes Kaspersky does not pose cybersecurity threats because it has publicized information about Russian cyberintrusion campaigns and digital espionage operations.
“Name any American company that publishes information about American digital espionage,” he said.
U.S. security and intelligence agencies have warned against using Kaspersky software for government computers and networks.
In particular, the Pentagon’s Defense Intelligence Agency warned in March 2016 that the Russian company was planning to sell security software to American companies in charge of critical infrastructure that the intelligence service warned could be used by the Kremlin to gain access to industrial control systems. The DIA warned that use of the security software would weaken security for U.S. industrial control systems and so-called supervisory control and data acquisition software, or SCADA systems.
Kaspersky Lab has denied that use of its security products would weaken infrastructure control cybersecurity: “The alleged claims are meritless as Kaspersky Lab’s products and solutions are designed to protect against cybercriminals and malicious threat actors, not enable attacks against any organization or entity,” the company said in a statement.
“We are not developing any offensive techniques and have never helped, or will help, any government in the world in their offensive efforts in cyberspace,” the company added.