and the possibility that the Trump campaign colluded with Russian operatives to gain an advantage over Trump’s Democratic opponent, Hillary Clinton.
Senators at the committee hearing voiced concerns that the Russian government might use Kaspersky’s software to infiltrate U.S. agency computers or damage broader American information networks. The intelligence chiefs said they were monitoring Kaspersky. When Sen. Marco Rubio (R-Florida) asked leaders of the agencies whether they would be comfortable using Kaspersky software, the heads of the FBI, CIA, NSA, and three other intelligence agencies all said no.
Ackerman says the underlying concerns are not limited to Kaspersky, or even to cybersecurity companies. “In this globalized economy, everyone is in favor of open trade,” he says. But the inspections and commerce system isn’t prepared to deal with the speed and diversity of goods moving among countries. Customers need to develop criteria to decide whom to trust, whether they’re buying food, microprocessors, or cybersecurity services, he says.
“You do have to look at the nation, or nations, of origin,” Ackerman says.
While Ackerman isn’t saying that Kaspersky has done anything wrong, he says it might be a pragmatic decision to choose another cybersecurity provider.
“There’s clear, irrefutable evidence that Russia is engaging in nefarious activities,” he says. There’s also good evidence that Russia collaborates with the “private cybersecurity firms” in Russia, he says.
“Anything from Russia immediately becomes suspect,” Ackerman says.
In addition to looking at the national origins of companies, people are also scrutinizing the backgrounds of cybersecurity company founders and other executives for links to other nations, Ackerman says. The concerns extend not only to U.S. national security, but also to fears that cybersecurity companies might share sensitive intellectual property with competitors in other countries, he says.
Area 1’s Falkowitz says company risk management departments are always looking into factors such as the supply chains of their vendors and other possible threats to security. But he’s uncomfortable with the idea of ruling out a business partner based on geography alone.
“I think we would take great offense to such assertions by other governments that our cybersecurity or tech companies were agents of our government,” Falkowitz says.
“To create fear around the national origins of companies is a mistake,” Falkowitz says. “There are many amazing companies here in the U.S. that were founded by people of foreign origin—Google, for example.’’
Instead, buyers should examine the merits of a company’s work, such as the standards it uses to ensure quality, Falkowitz says. Certainly, though, if company wrongdoing is uncovered, that should be brought forward, he says.
“I also don’t see anything wrong with buying American,” Falkowitz says. “There are other reasons why that might be the right thing to do—such as that the companies’ work is very good.”