An August report by Engadget claims the FBI has been meeting with companies to warn them of the threat posed by the cybersecurity firm Kaspersky Lab. In view of the cyberattacks that crippled Ukraine's power grid in 2016, the FBI has reportedly focused its briefings on companies in the energy sector, although it has also supposedly met with major tech firms.
The FBI’s goal seems to be to have U.S. firms push Kaspersky out of their systems, the current and former officials say.
The FBI’s counterintelligence section has been giving briefings since the beginning of the year, prioritizing companies in the energy sector and those that use industrial control systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems.
The revelations follow a wave of allegations against Kaspersky Lab by the U.S. government. As recently as June, a draft version of a Senate bill proposed barring the Defense Department from doing business with the company. Then, in July, a Congressional panel ordered multiple government agencies to hand over their documents and communications about the cybersecurity software provider.
FBI officials also raise the issue of Russia’s increasingly expansive surveillance laws and what they charge is a distinct culture wherein powerful Russian intelligence agencies are easily able to reach into private sector firms like Kaspersky with little check on government power.
Of particular interest are the Yarovaya laws and the System for Operative Investigative Activities, among others, which mandate broad, legally vague and permissive Russian intelligence agency access to data moving inside Russia, with retention periods extending to three years. Companies have little recourse to fight back. U.S. officials point to the FSB, the KGB’s successor, as the cryptography regulator in Russia, and say it puts an office of active agents inside Russian companies.
In a statement it released, the firm said: "Kaspersky Lab, and its executives, do not have inappropriate ties with any government." It's a stance the company has reiterated multiple times to no avail.
On the positive side, Kaspersky has been helpful in cleaning up infections from cyberattacks like NotPetya. Still, we urge caution in using the company’s products. It is unprecedented for the FBI to warn companies about a particular piece of software, and there is no need to take the risk if you can find a viable alternative.
The best advice is to find a trusted advisor to help your company stay protected and to use quality, vetted hardware and software vendors.
Edited by Ken Briodagh