Government’s Kaspersky Use Still a Mystery, Even After Ban

Congress and Homeland Security are still grappling with the extent of the Russian cybersecurity firm’s presence on federal systems.

AP Photo/Raphael Satter
Sept. 18, 2017, 8 p.m.

Despite the blanket ban issued last week on the U.S. government’s use of products from Russian cybersecurity firm Kaspersky Labs, there’s still broad uncertainty over how widespread the use of the potentially compromised software is on federal networks.

That’s not true for all agencies, some of which were able to provide an accounting of Kaspersky’s presence on their systems. The Transportation Department and the Environmental Protection Agency, for example, were both able to confirm that Kaspersky software was not deployed on their networks. A State Department spokesman told National Journal that the agency entered into three contracts for Kaspersky antivirus software since fiscal 2012, which together totaled less than $9,000. The spokesman added there were no confirmed instances of Kaspersky software loaded onto the State Department’s OpenNet enterprise network, which links together the department’s various computer systems around the globe.

But other agencies are a virtual black hole when it comes to Kaspersky, a popular Moscow-based company suspected of threatening U.S. network security through its alleged close ties with Russian intelligence agencies. Citing “operational security,” a Defense Department spokeswoman said the Pentagon could not answer questions regarding its use of Kaspersky products or services. The Treasury Department did not respond to a request for comment, and the Department of Justice declined to comment (though evidence from a federal website that tracks government spending indicates that over the past two years, the Justice Department has entered into several contracts with Kaspersky worth hundreds of thousands of dollars in total).

Even the agency spearheading the Kaspersky ban seems unclear about the Russian firm’s presence on its own networks. In last Wednesday’s government-wide order, the Homeland Security Department laid out a plan for each agency to identify any Kaspersky Labs products on its networks over the next 30 days. But when asked if Homeland Security had spent money on Kaspersky in the last five years, or if any sub-agencies were currently operating Kaspersky products, a DHS official told National Journal that the department “will follow its own guidance and complete the process required to identify the use of these products. If any are found, DHS will develop a plan as directed.”

The ongoing uncertainty is not for want of asking. Lawmakers have been seeking answers on the use of Kaspersky by federal agencies since at least May, after top U.S. intelligence officials told the Senate Intelligence Committee they would be uncomfortable using the firm’s software on their networks. Later that month, then-Homeland Security Secretary John Kelly admitted his department was likely running Kaspersky on some of its systems, prompting Democratic Sen. Joe Manchin to demand a complete report on the Russian company’s presence at Homeland Security. In late July, Rep. Lamar Smith, the chairman of the House Science, Space, and Technology Committee, put in a similar request to each of the Cabinet-level agencies.

But a Smith spokeswoman says the chairman has so far only received responses from some federal agencies (she didn’t say which). Manchin’s office did not respond to repeated requests asking whether the senator has received the promised Homeland Security report. And a DHS spokesman confirmed that despite the ban, the department does not yet have information on the full extent of Kaspersky use across the federal government.

David O’Brien, a senior researcher at Harvard University’s Berkman Klein Center for Internet and Society, believes most federal agencies won’t have a complete record of their use of Kaspersky products for some time. “I look a little bit skeptically at having hard and fast numbers in a 30-day period, or within a couple of months,” he said, adding that most federal networks are sprawling, byzantine entities that will take some time to comb through thoroughly. He also noted that old procurement documents will paint only a partial picture, since agencies are likely to have purchased hardware containing pre-installed Kaspersky products or contracted with third-party vendors who still use Kaspersky. Just from knowing how disorganized government IT can be, my guess is it’s going to take much longer than they think,” he said.

But there are still steps agencies can take to prevent unwanted espionage while they work to find and remove Kaspersky products. “Just because the software is on the system doesn’t mean that the risks that it poses can’t be mitigated in some other way,” O’Brien said. Agencies will need to monitor network traffic in real time, and perhaps add additional layers to their cybersecurity systems, while they expunge Kaspersky from their networks, he said.

In the meantime, Congress plans to continue pressuring federal agencies on Kaspersky. A provision in the National Defense Authorization Act is set to codify the Kaspersky ban into federal law. And Jeanette Manfra, the acting DHS deputy undersecretary of cybersecurity and communications, is slated to testify before the House Science Committee on Sept. 27. A committee spokeswoman said one key question at the hearing will be the extent to which the federal government uses Kaspersky products.

Eugene Kaspersky, the Russian-born founder of Kaspersky Labs, is also set to testify before the House committee on Sept. 27. Kaspersky has vehemently denied any untoward connection between his firm and the Kremlin, instead blaming rising international tensions and Russophobia for the crackdown against his company.

What We're Following See More »
White House Gives Up, Restores Acosta's Press Pass
7 hours ago

"The White House on Monday said that CNN correspondent Jim Acosta's press pass has been 'restored,' bowing to days of pressure and a federal lawsuit against the administration. CNN signaled that it would drop the ongoing litigation over Acosta's access to the White House."

Troops at Border to Begin Withdrawing
7 hours ago

"The 5,800 troops who were rushed to the Southwest border amid President Donald Trump’s pre-election warnings about a refugee caravan will start coming home as early as this week — just as some of those migrants are beginning to arrive. The timing is bound to fuel renewed accusations that the entire exercise amounted to a ploy by the president to use active-duty military forces as a prop to try to stem Republican losses in this month’s midterm elections, despite the absence of any legitimate threat to U.S. national security."

DeGette Drops Bid for Majority Whip
11 hours ago
Nelson Concedes as Scott Takes Florida Senate Seat
1 days ago

"Democratic Sen. Bill Nelson has conceded Florida’s Senate race to his Republican opponent Gov. Rick Scott following a hand recount. ...While there is a run-off still to come in Mississippi, the Scott win makes it most likely the Senate Republicans will hold a 53-47 majority in the 116th Congress."

Trump Says He's Completed Answers to Mueller's Questions
3 days ago

Welcome to National Journal!

You are currently accessing National Journal from IP access. Please login to access this feature. If you have any questions, please contact your Dedicated Advisor.