​Memo to Intel Heads - Be Careful With Outsourcing (as in Kapersky Labs)

​If Hillary Clinton showed up at your door in slacks and a work shirt with a tool box and said she was going to fix your server in your basement that you use for your online business selling wool yarn, would you feel secure? No? How about Rex Tillerson? With a nifty little cap on to boot? Wait, how about James Comey, towering over you, standing there smiling coldly, just a step from your transom?

Or finally, Michael Hayden, looking like an evil but friendly Maytag Repairman? (It's an ad from many, many years ago ... don't worry about it).

The point being that someday soon if not right now, any Secretary of State, and especially any FBI or NSA or other intel director or head is going to have to be reasonably versed in the nuts and bolts - or XOR gates and Hash Algorithms to be more specific - of cryptography. And they certainly will have to be versed in who is running their cloud servers. And how to ensure that such outsourcing is being done safely. Yes, one would assume that Hayden knows a fair bit about cryptography. And he is also the former NSA Director who back in 2001 began outsourcing their data operations in order to focus on their core mission of signals intelligence.

Which brings us to the point about the cyber arms race America is in right now with China, Russia, North Korea, and arguably even Islamic terrorist groups like ISIS, even if that mostly takes place in social media. America's intel agencies are desperate for tech talent. At least that's what they're publically saying. As reported in Real Clear Politic's Real Clear Defence, intel agencies are desperate to attract the right talent to "enable your innovation to get to my desktop sooner" in the words of National Geospatial Intel Agency Head Robert Cardillo. Or as NSA head Adm. Rogers said, "How do you sustain the workforce with the skills they need for the challenges that keep changing?"

But careful with outsourcing. For example, did you know that American government agencies use Kapersky Labs products with their information systems? And Kapersky Labs is a very Russian firm with apparent ties to Putin's Kremlin and his resucitated military-industrial complex. The Russian complex, just to be clear. And after a review this summer, it now appears that just in the last few minutes, the Department of Homeland Security has requested all U.S. government agencies to identify any products from Kapersky Labs they may be using, in order to purge them. This on orders from the White House apparently.

So yes, America is indeed in a cyber arms race with many of the same old adversaries that still have nuclear arsenals. And a few new ones as well. That means one has to be disciplined and very secure that any information system or data storage or any cyber function you outsource will not result in breaches in the physical and cyber integrity of America's key information systems. It's not an easy task, as DHS has found out. And to be fair to General Hayden, the Eagle Alliance (with companies like Computer Sciences Corporation - now CSRA - and Northtrop Grumman) which he farmed out operations to, is no Kapersky Labs. But they should be monitored as if they were. We're in a cyber arms race after all.

Posted by Keeley at September 13, 2017 6:59 PM
Comments
Comment #419823

Caution is always good, but Eugene Kaspersky is not friendly to Putin and the POS puppet installed here:

https://www.youtube.com/watch?v=R2YU94KM2-c

Russia Arrested Kaspersky Senior Manager On Treason Charges:

https://www.youtube.com/watch?v=n5tg_oxhc3g

Posted by: ohrealy at September 13, 2017 9:04 PM
Comment #419843

We should all be informed by “youtube”. Pity our national security heads don’t know this.

Posted by: Royal Flush at September 14, 2017 3:08 PM
Comment #419894
For example, did you know that American government agencies use Kapersky Labs products with their information systems? And Kapersky Labs is a very Russian firm with apparent ties to Putin’s Kremlin and his resucitated military-industrial complex.

Yes I did know that non-existent Keeley. I referenced it last month:

Comment #419135
I found this annotated Steele Dossier via a sub-reddit. I’m curious what anyone here, those with normal functioning brain anyway, think about Kaspersky’s denials of any involvement with the russian government, considering the Bloomberg report that Flynn was also paid by Kaspersky. Bloomberg

Posted by: ohrealy at August 7, 2017 10:40 PM

Posted by: ohrealy at September 16, 2017 12:38 PM
Post a comment