Since February 24, 2022, our world has been a different one. In the night of that day, Russian soldiers invaded the border with Ukraine and started a terrible war of aggression, which has been going on for two weeks now. With the Ukraine war, not only President Vladimir Putin stands in a completely new light, showing his true face. Other state organs of the Russian power apparatus must now also be seen with different eyes. In particular, the issue of cyber security plays a major role. Accordingly, politicians are increasingly demanding that security software made in Russia be completely reevaluated. There is a suspicion that applications such as the well-known Kaspersky antivirus could possibly pose a risk for Russian cyberattacks.
Many question marks
Russia’s ongoing war of aggression against Ukraine has far-reaching implications that move politics and society. This is by no means unique to the relationship between Russia and Ukraine, but affects the entire globe. Finally, Russia’s actions have created general uncertainty not only about the Russian power apparatus, but also about companies in Russia. This is especially true for security software such as antivirus from renowned developer Kaspersky Lab. If the statements of politicians are to be believed, users of this application need not worry. Currently, there are no serious security concerns. Nevertheless, it is important to be cautious, as the situation could change quickly.
Among others, Jens Zimmermann (SPD), a member of the Bundestag who specializes in digital policy, emphasized this to colleagues at heise online:
“Even if there has been no reason to warn against Kaspersky products in Germany so far, Russia’s war against Ukraine, which is against international law, has called almost all security into question.”
Can Kaspersky be trusted?
Apparently, the other factions of the Bundestag seem to share Zimmermann’s opinion. Thus, Manuel Höferlin (FDP), domestic policy spokesman for the Bundestag parliamentary group, also made it clear that only absolutely secure applications should really be used. In particular, it is necessary to obtain assurance that the developers will be
“not compromised from the outside, for example by governments or intelligence agencies…”
You can’t really have that assurance with programs from Russia for what feels like years. After all, it has always been an open secret that cyberattacks on the West directed from the Kremlin have taken place on a regular basis. This has affected the Bundestag, among others, but also other high-ranking ministries and authorities. Accordingly, he said, it was essential to
“put a big question mark behind Kaspersky and other companies originating from Russia…”
In order to obtain appropriate security, the applications would have to be examined by experts for their security. This is where the Federal Office for Information Security (BSI) should come into play. Until then, Höferlin is emphatic with every user of Kaspersky and Co. who only uses the software with a stomachache.
IT security is important
Since the problem of cyber security is also becoming increasingly important in Germany, the government faction around the SPD, the Greens and the FDP would like to attach greater importance to it from now on. One instrument for this could be, for example, the obligation for public authorities to take part in appropriate further training on IT security at regular intervals. Furthermore, according to Höferlin, possible weak points should be identified within the framework of so-called security audits. If only to facilitate this procedure, it would be advisable to use standardized software. In view of the current situation, it is doubtful whether Kaspersky will be used.
European IT must become self-sufficient
If there is one thing the war in Ukraine has made clear to us Germans, it is our dependence on Russia. At the moment, it is enough to look at the skyrocketing price tags on gas pumps to see that. When the next heating bill arrives in a few months, many people will be in for a shock. So it’s hardly surprising that the German Minister for Economic Affairs and Climate Protection, Robert Habeck (Greens), emphasized just last week how important self-sufficient energy production is for Germany.
While independence from Russian oil and gas could be very difficult, not relying on Russian security software is unlikely to be too much of an obstacle. IT lawyer Dennis-Kenji Kipker from Bremen also advises sovereign development of security software. This, he says, is the best way forward. Nevertheless, it would be disproportionate at present
“To exclude the use of Kaspersky products per se and unreflectively.”
For this, in his view, there is simply a lack of evidence that Russian security software serves as a gateway for Russian cyberattacks.
No-spy clause is virtually useless
The all-clear also comes from Matthias Schulze, who works at the Stiftung für Wissenschaft und Politik. The security policy expert stresses that no criminal machinations by Russian security software are currently known about. In theory, an act of espionage by Kaspersky Lab or other Russian software manufacturers would also have serious legal consequences. This is ensured by the so-called “no-spy clause”, which was brought into being in 2015. Under this clause, software developers must guarantee that there is no cooperation with a foreign intelligence service. However, this assurance is probably more of a symbolic act. Politicians are also well aware of this. In 2018, for example, the Federal Ministry of the Interior itself doubted the effectiveness of the clause.
“…that German personal data or data of German security authorities will not be transferred abroad by means of foreign software…”
is in fact difficult to prove.
Obviously, not only the difficult traceability of a transfer of data is to blame. On top of that, the federal government has criminally neglected to check appropriate software until 2018. As has become known, the BSI had only checked Windows 10 for security up to that point. When a review of Kaspersky followed in the same year, the verdict was positive:
“The BSI still has no findings that prove manipulation of Kaspersky software.”
Unanswered questions from heise online
Since many questions about cybersecurity naturally arise in this area, our colleagues at heise online have followed up with both the Ministry of the Interior and the BSI. So far, there have obviously been no answers to their extensive catalog. Since these have a certain explosive nature and concern, for example, the effectiveness of the “no-spy clause”, one can certainly understand this. A question about which program the ministries themselves use has certainly been omitted by heise online. After all, it is a big secret which programs BMI and BSI rely on.
Insight into source code is without alternative
IT lawyer Kipker also considers the no-spy clause to be virtually useless, calling reliance on it
“more than naive”
In doing so, he clarifies that while the clause could bring legal consequences for the companies, they are also usually obligated to their country of origin to act in a certain way. In the case of Kaspersky, which is based in Russia, it would certainly be advisable for the company to act in accordance with the Russian power apparatus rather than abide by the no-spy clause. After all, the consequences of Russian justice are likely to be far more severe. This makes it all the more important that an authority such as the BSI be allowed to inspect the corresponding source codes of such programs. Kipker once again emphasizes the special role of Russia. After all, Russia has repeatedly attracted attention with suspected cyber attacks in the past.
Kaspersky’s proximity to Russian intelligence
If you take a look at Kaspersky’s company history, it quickly becomes clear that the company can by no means deny its proximity to the Russian secret service. Founder Eugene Kaspersky graduated from the KGB – the Soviet Union’s secret service at the time – at the end of the 1980s. As if that wasn’t enough, following his studies he worked at a scientific institute that focused on espionage. Nevertheless, to this day Kaspersky vehemently denies that he is a tool of the Kremlin.
Instead, the Russian company appears to be a true leader in the security software space when it comes to transparency. Indeed, Kaspersky Lab has made its own source codes openly available to government institutions worldwide since 2018. This also applies to updates that are subsequently released in order to ensure maximum security. The so-called “global transparency initiative” is rounded off with Kaspersky’s server location. Namely, the collected data is all supposed to be stored in Switzerland – there is hardly a more neutral country.
Kaspersky makes no statement on Ukraine war
Like many other well-known Russian companies, Kaspersky Lab is now naturally caught in the crossfire of many media outlets. For example, the magazine “Motherboard” asked the developer about the issue. When asked for a statement on the war, the developer replied rather neutrally:
“As a technology and cybersecurity service provider, the company is not in a position to comment on or speculate about geopolitical developments outside its area of expertise”
In doing so, Kaspersky is clearly hiding its light under a bushel when the company claims to have nothing to do with the war at present. For example, the service provider is currently ensuring that the website of the Russian Ministry of Defense cannot be accessed from abroad. From the strategic point of view of the Russians, this is quite understandable. After all, this could provide a gateway for foreign hackers.
No replies yet
Neue Antworten laden...
Neues Mitglied
Beteilige dich an der Diskussion in der Basic Tutorials Community →