Editor’s Note: See, Does Use of Huawei or ZTE Equipment/Services Trigger SEC Cyber Risk Disclosure Requirements?
From: Federal News Radio
By Jason Miller
***
“In order to properly assess any risk posed by Kaspersky Lab products to the federal government, one must first understand the technical nature of those products themselves. As with many other information and communication technologies (ICT), vendors and service providers, Kaspersky Lab remotely administers its services on client networks. Moreover, the very nature of Kaspersky Lab’s security product offering is to provide constant and complete network monitoring to prevent and/or detect cyber intrusions and the harmful effects of malicious software,” Sean Kanuk, the director of Future Conflict and Cyber Security at the International Institute for Strategic Studies and a former National Intelligence Officer (NIO) for Cyber Issues in the Office of the Director of National Intelligence, told the subcommittee at yesterday’s hearing. “Discussions regarding the potential to introduce surreptitious ‘back doors’ into Kaspersky Lab software are largely a moot point, because a well-known — and explicitly marketed feature — of the product offering is a wide open ‘front door’ for Kaspersky algorithms and technicians to not only view corporate network activity (including files and traffic flows) but also to issue remedial instructions to computers on the networks they protect.”
***
DHS issued a supply chain risk management framework for the continuous diagnostics and mitigation program in July as part of a growing effort to ensure confidence in cyber products.
Leave a Reply