News of the Force: Tuesday, August 1,
2017 - Page 3
U.S. Navy and Marine Corps
Navy veterans based at the U.S. Naval
Reserve Training Center in Cadillac, Mich. (1948-1966) will hold their
annual reunion there on Saturday.
U.S. Navy shipboard electronics experts
are reaching out to industry for new computing and sensor technologies for
active and passive sonar systems involved in surveillance, situational
awareness, and anti-submarine warfare (ASW).
Smart munitions designers at the
Lockheed Martin Corp. are starting to manufacture the U.S. military's
next-generation LRASM anti-ship missile - the Long-Range Anti-Ship Missile
(LRASM).
A U.S. Marine Corps sergeant and
volunteer track coach has been arrested in the alleged sexual assault of a
Huntington Beach, Calif., teen he was training.
And Steven Weintraub is Chief Strategy
Officer of the Veteran Tickets Foundation (Vet Tix) and a colonel in the U.S.
Marine Corps Reserve.
Homeland insecurity
Local and state government agencies from
Oregon to Connecticut say they are using a Russian brand of security software
despite the federal government’s instructions to its own agencies not to buy the
software over concerns about cyber-espionage, records and interviews show.
The federal agency in charge of
purchasing, the General Services Administration (GSA), removed Moscow-based
Kaspersky Lab this month from its list of approved vendors. In doing so, the
agency’s statement suggested a vulnerability exists in Kaspersky that could give
the Russian government backdoor access to the systems it protects, though they
offered no explanation or evidence of it. Kaspersky has strongly denied
coordinating with the Russian government and has offered to cooperate with
federal investigators.
The GSA’s move on July 11th has left
state and local governments to speculate about the risks of sticking with the
company or abandoning taxpayer-funded contracts, sometimes at great cost. The
lack of information from the GSA underscores a disconnect between local
officials and the federal government about cybersecurity.
Interviews suggest that concerns in
recent months from Congress and intelligence professionals about Kaspersky are
not widely known among state and local officials, who are most likely to
consider buying the Russian software. Those systems, while not necessarily
protecting critical infra-structure, can be targeted by hackers because they
provide access to troves of sensitive information.
U.S. intelligence chiefs told a Senate
panel in May that they wouldn't use the company’s software, during a broader
hearing investigating Russia’s alleged meddling in the U.S. presidential
election. It was not the first time Congress had heard that message: A former
U.S. official told The Washington Post that congressional
staff was advised by law enforcement in late 2015 to stop meeting with Kaspersky
representatives over national security concerns.
The GSA’s decision to no longer purchase
Kaspersky comes amid an ongoing special counsel investigation into potential
collusion between President Donald Trump’s associates and Russian officials
during last year’s presidential contest. This has complicated decisions for
local government officials who are trying to evaluate potential security risks
amid a heated political climate.
"People need to know that they can trust
software updates," said Joseph Lorenzo Hall, chief technologist at the Center
for Democracy and Technology, a digital advocacy group. About the government’s
decision, he said: "We need more public information."
In the weeks since Kaspersky’s
delisting, The Post found that it continues to be used on government
computers in jurisdictions ranging from Portland, Oregon to Fayetteville, Ga.,
where an official said they have a year-to-year contract. Kaspersky also has
been bought for use by the federal government in recent years, including the
Bureau of Prisons and the Consumer Product Safety Commission. Both agencies said
last week that they needed additional time to determine whether the software is
still in use.
To identify the agencies, The
Post reviewed state, local and federal government websites to obtain
documents that listed Kaspersky or its programs, including city council agendas,
annual agency reports and government procurement records. Officials interviewed
in nine jurisdictions all said they had bought or supported software made by
Kaspersky within the past two years. Nearly all said they had no immediate plans
to replace the software.
"We use it, and I think it works well,"
said John Morrisson, systems manager for the Connecticut Division of Public
Defender Services. "I don’t have any problems, and we don’t have any viruses.
And it’s doing the job I require of it." Morrisson said the concerns about
Kaspersky were speculative, but he said he would consider jettisoning the
Russian brand if specific vulnerabilities were identified.
In the District of Columbia, a spokesman
for the city’s chief technology officer said that most city agencies used
anti-virus software made by McAfee, a Kaspersky competitor. But District
employees who connect to the network remotely are allowed for now to use home
computers equipped with Kaspersky.
In Picayune, Miss., Kaspersky is
scheduled to be installed soon as the firewall on a new wireless system for all
public schools. Network administrator Jason Wheat said he hadn’t seen the news
about the GSA’s decision or received any warning from the state about not using
Kaspersky. But he said he wasn’t worried about the software because employee
Social Security numbers were stored on a separate server maintained by the
state.
In Oregon, Kaspersky is used with other
anti-virus software by the Portland city government to scan for malicious
emails.
Connecticut’s public defender said as of
early 2016 its office had hundreds of computers that ran Kaspersky.
And San Marcos, Texas, last month
approved a $92,744 contract for Kaspersky’s anti-virus protection; a spokeswoman
said the city has held a contract with Kaspersky for many years and renewed the
software in June before the delisting notice was issued by the U.S.
Government.
In announcing its decision, the GSA said
that its mission was to "ensure the integrity and security of U.S. Government
systems and networks"and that Kaspersky was delisted "after review and careful
consideration." The action removed the company from the list of products
approved for purchase on federal systems and at discounted prices for state
governments.
The GSA included a reference to "System
of Operational-Investigative Measures," or SORM - a national Russian
electronic eavesdropping network that the U.S. Government publicly warned about
in advance of Americans’ traveling to the 2014 Winter Olympics in Sochi, Russia.
At the time, the State Department advised travelers to assume that cell phones
could be turned into listening devices and laptops could be infiltrated if
connected to Russian networks.
The GSA statement this month said
"applicability" of SORM to Kaspersky "supported GSA’s decision to exercise the
cancellation clause."
A former senior U.S. law enforcement
official, who works in cybersecurity and spoke on the condition of anonymity,
said he thought that the reference to SORM indicated the "GSA is saying there is
some kind of vulnerability that gives the [Russian] government access."
Representatives for the FBI and the
Department of Homeland Security referred questions about Kaspersky to the GSA,
which declined to comment beyond the original statement.
Kaspersky officials declined interview
requests, referring reporters to a statement denying wrongdoing that was issued
after the GSA’s announcement. "Kaspersky Lab has no ties to any government, and
the company has never helped, or will help, any government in the world with its
cyber-espionage efforts," the company said. "Kaspersky Lab, a private company,
seems to be caught in the middle of a geopolitical fight where each side is
attempting to use the company as a pawn in their political game."
Kaspersky Lab was founded in 1997 by
Eugene Kaspersky, a decade after he had graduated from a KGB-supported
cryptography school and had worked in Russian military intelligence agencies.
The company became an international success, sometimes promoting Kaspersky’s
background in Russian intelligence. By 2010, it claimed to be the most widely
used anti-virus software in Europe. In the United States, for example, Kaspersky
was among the anti-virus software packaged with computers sold at Best Buy.
Today, Kaspersky boasts 400 million users and 270,000 corporate clients
worldwide.
Kaspersky has tried to advance the
company into potentially lucrative government markets. The company created a
subsidiary, Kaspersky Government Security Solutions, or KGSS, and began hosting
an annual cybersecurity summit in Washington, D.C. In 2015, the keynote address
at the annual conference was delivered by Michael Flynn, then the recently
departed head of the Defense Intelligence Agency who would go on to briefly
become Trump’s national security adviser. Flynn was paid more than $11,000 for
the appearance, which he initially failed to disclose this year when he joined
the White House.
The company never became a major player
in U.S. Government markets. Popular American firms, often with executives who
had their own ties to U.S. intelligence agencies, routinely beat out Kaspersky
for the largest federal contracts and defense work. Three current and former
defense contractors told The Post that they knew of no specific
warnings circulated about Kaspersky in recent years, but it has become an
unwritten rule at the Pentagon not to include Kaspersky as a potential vendor on
new projects. Another former U.S. official said that some congressional staffers
were warned by federal law enforcement officials as early as November 2015 not
to meet with employees from Kaspersky over concerns of electronic surveillance.
The officials spoke on the condition of anonymity because they were not
authorized to speak publicly about the matter.
Skepticism of Kaspersky became public in
May when a panel of U.S. intelligence community leaders testified before
Congress that they wouldn't use the firm’s software on their own computers. Sen.
Marco Rubio (R-Fla.), noted the widespread use of the software and asked, "Would
any of you be comfortable with the Kaspersky Lab software on your
computers?"
"A resounding no from me," said acting
FBI director Andrew McCabe.
CIA Director Mike Pompeo, Director of
National Intelligence Daniel Coats and National Security Agency Director Adm.
Michael Rogers also said they would not use Kaspersky.
The government’s unease about Kaspersky
follows the conclusion by U.S. intelligence agencies that Russian President
Vladimir Putin last year ordered a campaign of cyber-attacks to undermine the
election. The Justice Department has named a special counsel to investigate
possible coordination between Trump’s associates and Russian officials during
the campaign.
James Lewis, a cybersecurity expert at
the Center for Strategic and International Studies in Washington,
D.C., said, "it’s difficult, if not impossible" for a company like
Kaspersky to be headquartered in Moscow "if you don’t cooperate with the
government and the intelligence services."
Kaspersky has worked to protect its
image since the GSA decision. It said this month that it would be willing to
turn over its software source code to federal investigators.
The Senate Armed Services Committee this
month unanimously adopted an amendment by Sen. Jeanne Shaheen (D-N.H.), that
would force the government to strip Kaspersky from any government systems
connected to defense networks. In a statement, Shaheen said the Trump
administration and Congress should go further and require all government systems
to drop Kaspersky. "The ties between Kaspersky Lab and the Kremlin are very
alarming," Shaheen said.
Today in history
On this date in 1831, the new London
Bridge opened. In 1876, Colorado was admitted as the 38th U.S. state.
In 1961, the first ever Six Flags amusement park opened in Texas. In 1978, Pete
Rose's date with destiny was stopped as his hit streak ended at 44. In 1980,
Iceland voters elected Vigdis Finnbogadottir as their first ever female
president. In 1981, MTV, the American network broadcasting music videos was
launched on TV in New York City. In 2011, the HSBC bank announced cuts to
5,000 jobs, as well as an additional 25,000 in 2013.
The parting shots
Rapper Artis Leon "Coolio" Ivey, Jr., is
54 years old today. And today is the birthday of rock guitarist and
singer Jerry Garcia ("The Grateful Dead") (1942-1995).
Temporary air conditioning units
delivered to the City Workhouse in St. Louis, Mo., after protests over hot
conditions are now making it too cold for some inmates, according to the mayor's
office. "There have been multiple complaints from inmates that the facility is
too cold following the city's setting up of temporary air conditioning at the
facility," said Koran Addo, Mayor Lyda Krewson's spokesman. One inmate has been
sent to administrative segregation after using a broom handle to try to damage a
vent blowing cool air into the dormitories, Addo said. The city spent more than
$75,000 on temporary air conditioning units, which were delivered to the
facility on July 24th. Five units from TempAir, ranging from 25 to 50 tons, were
installed in the older sections of the jail. The expectation was that the units
would cool the temperature to about 78 degrees in the facility, more formally
known as the St. Louis Medium Security Institution. It wasn't immediately clear
how low the temperature was getting in particular areas.
A self-described "email prankster" in
the U.K. fooled a number of White House officials into thinking he was other
officials, including an episode where he convinced the White House official
tasked with cyber security that he was Jared Kushner.
There's never a good time to discharge
black sewer gunk into Niagara Falls. But doing it on a beautiful Saturday
afternoon at the height of tourist season may be the worst timing ever.
And Nia Long has joined the cast of CBS'
veteran crime drama series NCIS: Los Angeles as a series
regular. She will be introduced in the upcoming ninth season.
Page 3