Nation States and IT Vendors
You may have seen recent reports about US government concerns about Kaspersky Lab, the cyb
The concern centers around potential ties between the cyber security firm and the Russian government, obviously magnified by the revelations surrounding Russian government hacking related to the 2016
Bloomberg Business Week has published articles that state that Kaspersky Lab has ties to the Russian intelligence agency, the FSB. This concern has reached the level that the General Services Administration (GSA) has removed Kaspersky Lab as an approved vendor for use by the US government. Following on this, efforts are underway to ensure that no Kaspersky Lab software is installed on any US government computer systems.
It needs to be noted that both Kaspersky Lab and the Russian government both deny these assertions. Kaspersky Lab has issued a multi-point denial of the allegations that have been identified in the Bloomberg Business Week article.
It should also be noted that this is not the first time a foreign government has been accused of potential ties to a technology company that could have national security implications. When the Chinese firm Lenovo purchased the former IBM PC and server business units, the US government removed Lenovo from the list of GSA approved hardware vendors. The concern was that the Chinese government could have influence over Lenovo and have it install components that could theoretically have capabilities that would allow the Chinese government to spy on anyone using one of their computers.
As with the current situation with Kaspersky Lab, there are concerns, but those concerns have not been validated with actual findings supporting the concerns. This is tricky territory. I do not mean to say that the concerns are unfounded, nor that the concerns are valid.
There is irony with each of these cases. Almost every computer manufactured in the world today has at least some manufacturing capability that comes through China. While a hardware or software firm may be based in a country that generates national security concerns for the United States, theoretically a software company anywhere in the world could be involved in collusion with a foreign power.
While there are political implications here, we should be cautious and rely on fact not conjecture. We will see how these concerns play out in the coming weeks and months. For now, if your business has concerns about specific vendors like these, you should review your business practices and determine whether a change in vendor would be appropriate to alleviate these concerns. I’ll keep you posted if I learn more about either of these examples.