Oversight

Senator wants Kaspersky out of U.S. voting systems

broken lock 

A U.S. senator has linked two of the hottest tech policy stories around – efforts by U.S. agencies to blacklist cybersecurity vendor Kaspersky Lab and concerns about the vulnerability of voting systems used by cities and states.

Sen. Amy Klochubar (D-Minn.) who sits on a committee with authority over federal elections, is concerned that Kaspersky could be in a position to provide Russian intelligence agencies access to state and local election data, by virtue of connections to computers involved in managing election activities.

"Given recent revelations regarding how Russia used Kaspersky software to breach our systems, it is important to prioritize state critical infrastructure systems in conjunction with efforts currently underway at the federal level," Klochubar wrote in an Oct. 12 letter to Acting Homeland Security Secretary Elaine Duke.

"The potential threat posed to our election infrastructure by the use of Kaspersky software appears to be significant and it is essential to ensure that future elections are safeguarded from foreign interference," Klochubar wrote.

The letter comes in the wake of the Oct. 10 release of a report from security group DEF CON warning of supply chain uncertainties that could render voting machines susceptible to hacking at scale. The report also details the ease with which hackers at a Las Vegas event this summer were able to crack into machines to which they had physical access.

In early September, the state of Virginia took the step of decertifying electronic-only voting equipment used in 22 localities in the wake of a security assessment by the Virginia Information Technology Agency.

Kaspersky Lab has been in the sights of U.S. policy makers in recent weeks. In July, Kaspersky was cut from a pair of prominent governmentwide acquisition vehicles and in September, federal agencies were ordered to stop using Kaspersky products entirely.

In her letter, Klochubar called the DHS move to ban Kaspersky products "an important first step towards addressing the potential vulnerabilities our networks face," adding, "we must also ensure that state and local government officials are aware of these threats and have the guidance and resources needed to remove Kaspersky software from their networks. This is especially necessary where officials maintain cyber networks related to critical infrastructure, like our election systems."

Klochubar's inquiry comes amid press reports that link Kaspersky Lab to a breach of a National Security Agency employee's home computer that intelligence officials said resulted in Russian hackers obtaining classified documents.

In a blog post, company founder Eugene Kaspersky suggested that the classified NSA documents may have included exploits that presented as malware to Kaspersky's anti-virus software.

It's not clear what connections Kaspersky Lab has to electronic voting machine systems, but the software is in frequent use in the background of state and local computer systems, and such systems main contain voter registration data and other election data. The company also has expressed an interest in supporting the development of secure online voting systems. In December 2016, the company awarded $18,000 to three teams of developers looking at solutions to the problem of identity verification and online voting.

"The challenges of cybersecurity mean the next generation of experts face a changing frontier – there will be plenty of things to work on and securing digital voting systems for national elections is just one example," Kaspersky said in a statement at the time.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.