RU­BIO ON RUS­SIAN CY­BER FIRM

The Washington Times Daily - - WORLD - Con­tact Bill Gertz on Twit­ter via @Bil­lGertz.

Sen. Marco Ru­bio ques­tioned key cy­berse­cu­rity of­fi­cials, in­clud­ing the former di­rec­tor of the Na­tional Se­cu­rity Agency, about the use of Rus­sian se­cu­rity soft­ware that has been linked to the Rus­sian se­cu­rity ser­vices.

The Florida Repub­li­can dis­closed dur­ing a re­cent hear­ing of the Se­nate Select Com­mit­tee

on In­tel­li­gence that mem­bers of his pres­i­den­tial pri­mary cam­paign last year had been tar­geted in cy­ber­at­tacks from uniden­ti­fied hack­ers in Rus­sia. Com­put­ers used by Ru­bio aides were at­tacked by Rus­sian hack­ers be­gin­ning in July in an un­suc­cess­ful at­tempt to gain ac­cess to in­ter­nal cam­paign doc­u­ments.

The se­na­tor then an­nounced to the com­mit­tee that on March 29 an­other un­suc­cess­ful Rus­sian cy­ber­at­tack was car­ried out against his former pres­i­den­tial cam­paign mem­bers.

Mr. Ru­bio then asked three cy­berse­cu­rity ex­perts tes­ti­fy­ing be­fore the com­mit­tee if they would use cy­berse­cu­rity soft­ware pro­duced by the Rus­si­abased com­pany known as Kasper­sky Lab, and if they would rec­om­mend that sen­a­tors use the com­pany’s prod­ucts.

“There have been open-source re­ports which I can cite from that ba­si­cally say the Kasper­sky Lab has a long his­tory con­nect­ing them to the KGB suc­ces­sor, the Rus­sian se­cu­rity ser­vices,” Mr. Ru­bio said.

Would the ex­perts use Kasper­sky Lab se­cu­rity prod­ucts and should sen­a­tors use the Rus­sian soft­ware? the se­na­tor asked.

“I’ll an­swer by no, I wouldn’t,” said re­tired Gen. Keith Alexan­der, former di­rec­tor of the NSA, “and I wouldn’t rec­om­mend that you do it ei­ther. There are bet­ter ca­pa­bil­i­ties here that you can use.”

Gen. Alexan­der said other U.S. se­cu­rity firms are more ca­pa­ble of deal­ing with cy­berthreats and would be bet­ter at block­ing those threats than Kasper­sky.

Kevin Man­dia, CEO of the cy­berse­cu­rity firm FireEye was more cir­cum­spect.

“I think the way I’d ad­dress that is gen­er­ally peo­ple’s prod­ucts are bet­ter based on where they’re most lo­cated and what at­tacks they de­fend against,” Mr. Man­dia said.

“My an­swer in­di­rectly would be there would be bet­ter soft­ware prob­a­bly avail­able to you than Kasper­sky to de­fend you here,” he added.

Thomas Rid, pro­fes­sor of se­cu­rity stud­ies at King’s Col­lege, Lon­don, said he had no qualms about us­ing Kasper­sky prod­ucts but rec­om­mended us­ing com­pet­ing se­cu­rity soft­ware in ad­di­tion.

“A bit of a re­dun­dancy never harms, but it’s im­por­tant to say that Kasper­sky is not an arm of the Rus­sian gov­ern­ment,” Mr. Rid said.

Mr. Rid said he be­lieves Kasper­sky does not pose cy­berse­cu­rity threats be­cause it has pub­li­cized in­for­ma­tion about Rus­sian cy­ber­in­tru­sion cam­paigns and dig­i­tal es­pi­onage op­er­a­tions.

“Name any Amer­i­can com­pany that pub­lishes in­for­ma­tion about Amer­i­can dig­i­tal es­pi­onage,” he said.

U.S. se­cu­rity and in­tel­li­gence agen­cies have warned against us­ing Kasper­sky soft­ware for gov­ern­ment com­put­ers and net­works.

In par­tic­u­lar, the Pentagon’s De­fense In­tel­li­gence Agency warned in March 2016 that the Rus­sian com­pany was plan­ning to sell se­cu­rity soft­ware to Amer­i­can com­pa­nies in charge of crit­i­cal in­fra­struc­ture that the in­tel­li­gence ser­vice warned could be used by the Krem­lin to gain ac­cess to in­dus­trial con­trol sys­tems. The DIA warned that use of the se­cu­rity soft­ware would weaken se­cu­rity for U.S. in­dus­trial con­trol sys­tems and so-called su­per­vi­sory con­trol and data ac­qui­si­tion soft­ware, or SCADA sys­tems.

Kasper­sky Lab has de­nied that use of its se­cu­rity prod­ucts would weaken in­fra­struc­ture con­trol cy­berse­cu­rity: “The al­leged claims are mer­it­less as Kasper­sky Lab’s prod­ucts and so­lu­tions are de­signed to pro­tect against cy­ber­crim­i­nals and ma­li­cious threat ac­tors, not en­able at­tacks against any or­ga­ni­za­tion or en­tity,” the com­pany said in a state­ment.

“We are not de­vel­op­ing any of­fen­sive tech­niques and have never helped, or will help, any gov­ern­ment in the world in their of­fen­sive ef­forts in cy­berspace,” the com­pany added.

Ru­bio

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.