Senator wants Kaspersky out of U.S. voting systems

broken lock 

A U.S. senator has linked two of the hottest tech policy stories around – efforts by U.S. agencies to blacklist cybersecurity vendor Kaspersky Lab and concerns about the vulnerability of voting systems used by cities and states.

Sen. Amy Klochubar (D-Minn.) who sits on a committee with authority over federal elections, is concerned that Kaspersky could be in a position to provide Russian intelligence agencies access to state and local election data, by virtue of connections to computers involved in managing election activities.

"Given recent revelations regarding how Russia used Kaspersky software to breach our systems, it is important to prioritize state critical infrastructure systems in conjunction with efforts currently underway at the federal level," Klochubar wrote in an Oct. 12 letter to Acting Homeland Security Secretary Elaine Duke.

"The potential threat posed to our election infrastructure by the use of Kaspersky software appears to be significant and it is essential to ensure that future elections are safeguarded from foreign interference," Klochubar wrote.

The letter comes in the wake of the Oct. 10 release of a report from security group DEF CON warning of supply chain uncertainties that could render voting machines susceptible to hacking at scale. The report also details the ease with which hackers at a Las Vegas event this summer were able to crack into machines to which they had physical access.

In early September, the state of Virginia took the step of decertifying electronic-only voting equipment used in 22 localities in the wake of a security assessment by the Virginia Information Technology Agency.

Kaspersky Lab has been in the sights of U.S. policy makers in recent weeks. In July, Kaspersky was cut from a pair of prominent governmentwide acquisition vehicles and in September, federal agencies were ordered to stop using Kaspersky products entirely.

In her letter, Klochubar called the DHS move to ban Kaspersky products "an important first step towards addressing the potential vulnerabilities our networks face," adding, "we must also ensure that state and local government officials are aware of these threats and have the guidance and resources needed to remove Kaspersky software from their networks. This is especially necessary where officials maintain cyber networks related to critical infrastructure, like our election systems."

Klochubar's inquiry comes amid press reports that link Kaspersky Lab to a breach of a National Security Agency employee's home computer that intelligence officials said resulted in Russian hackers obtaining classified documents.

In a blog post, company founder Eugene Kaspersky suggested that the classified NSA documents may have included exploits that presented as malware to Kaspersky's anti-virus software.

It's not clear what connections Kaspersky Lab has to electronic voting machine systems, but the software is in frequent use in the background of state and local computer systems, and such systems main contain voter registration data and other election data. The company also has expressed an interest in supporting the development of secure online voting systems. In December 2016, the company awarded $18,000 to three teams of developers looking at solutions to the problem of identity verification and online voting.

"The challenges of cybersecurity mean the next generation of experts face a changing frontier – there will be plenty of things to work on and securing digital voting systems for national elections is just one example," Kaspersky said in a statement at the time.

About the Author

Adam Mazmanian is executive editor of FCW.

Before joining the editing team, Mazmanian was an FCW staff writer covering Congress, government-wide technology policy and the Department of Veterans Affairs. Prior to joining FCW, Mazmanian was technology correspondent for National Journal and served in a variety of editorial roles at B2B news service SmartBrief. Mazmanian has contributed reviews and articles to the Washington Post, the Washington City Paper, Newsday, New York Press, Architect Magazine and other publications.

Click here for previous articles by Mazmanian. Connect with him on Twitter at @thisismaz.


  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.