[ad_1]
At this conclusion, computer security expert Brenno de Winter, after extensive research and a WOB application, presented jointly with KRO / NCRV and Kaspersky Lab. "The government's so-called precautionary measure is detrimental to all concerned," concludes De Winter in his research report. "So, for the Dutch government, for companies, for citizens and of course for Kaspersky Lab itself."
"Too many security risks"
In May this year, the government decided to no longer buy antivirus software from the company. to take. Minister Grapperhaus talked about it in the Pauw program. According to the government of the time
this software was in fact a "too great risk for security". Russian legislation requires companies such as Kaspersky Lab to cooperate with the Russian government. Russia also has an active cyber offensive program focused on the Netherlands and its vital interests, "said Minister Grapperhaus. "The combination of these factors means that the government concludes that the risk of digital espionage and sabotage is present in the national government and the vital sector."
Conclusion based on quicksand
The company's antivirus software was therefore added to the government. But this conclusion is based on quicksand, concludes De Winter, after having been deeply immersed in the subject. According to him, the government went too fast to the decision. He even qualifies the argument as "unfounded" and thinks that the government is failing not only to itself, but also to citizens and businesses by no longer relying on Kaspersky Lab's knowledge and expertise. for a safer digital society.
"The Netherlands has great ambitions in the field of innovation and information security," De Winter said. "This sets the bar high for making heavy decisions with great caution and motivation." And according to him, it did not happen at all. Just look at the company's newly opened Transparency Center in Zurich. "An effective way to deal with facts and emotions," says De Winter.
The company is right in front of
The main argument cited by the government in May to ban the software was: "this antivirus software is deeply in a system". This is possible, but of course, this does not automatically mean that extensive access to espionage and sabotage is possible, De Winter concludes.
On Monday, November 19, Brenno de Winter explains why he thinks that a reconsideration of the decision made by the government is warranted and the interest of all. Sign up for the webcast
read more
In fact, he says: "The mandatory control measures applied by governments and companies, as well as the extensive testing of the software, make it possible to manage all risks." Kaspersky Lab proves endlessly that software and procedures – in terms of security – are at stake. This even affects many other providers. "
The effects extend far
In his report, De Winter immediately admits that 39 is mainly Kaspersky Lab itself who is suffering from the government's decision not to be able to provide antivirus software to the provider. government. But the effects go much further than that, he says. For example, a good working relationship has been established with the Dutch police to combat cybercrime. This cooperation is at a standstill.
At least three major criminal cases are affected. One case had just been started, another case involved a longer-term investigation and a third had been temporarily suspended . In these cases, the expertise of Kaspersky Lab can no longer be used.
Similar expertise can be obtained elsewhere, but it is very expensive. Of course, only the question "how interesting it is for companies to offer services to a relatively small country like the Netherlands", especially after this cabinet decision. After all, you can lie down as well, according to De Winter
Preventing Danger
According to the computer security analyst, the decision presents more danger. For example, in 2014, the National Cybersecurity Center (NCSC) made explicit reference to our country's vulnerability to espionage through targeted, advanced and ongoing attacks, known as persistent persistent threat .
Such an APT is just one of Kaspersky Lab's specialties, according to De Winter. "Exactly this type of information, knowledge and assistance critical in the time, are important in the incidents, in the fight against spying and sabotage and in securing the knowledge necessary for our digital ambitions. "
Or look at the notorious NotPetya malware. "With the advent of this malicious software, Kaspersky Lab, among others, was able to provide information quickly and accurately. This incident, which disrupted a container terminal in the port of Rotterdam, had a huge impact. In addition to corporate sector disruptions, damage based on conservative NotPetya estimates amounts to more than $ 1 billion. "
Ransomware cooperation has also become more difficult after the government's decision, writes De Winter." Now that the working relationship between the government and Kaspersky Lab has stopped, it means that the victims Digital attacks are less likely to recover their files. "
A precautionary measure with far-reaching consequences
The Cabinet announced its decision a" precautionary measure "from After all, no incident had preceded it, but since then, an image has appeared: "Where there is smoke, there is fire," writes De Winter. even the suppliers and partners of Kaspersky Lab are concerned.
It is not surprising that the company suffers. "For a company that focuses on protection against malware, espionage and sabotage, c & # 3 9 is precisely the accusation that it is used for this type of purpose – although no examples are known about it. "
That could have been very different
And in fact, it could have been very different, concludes De Winter. If the firm, for example, had used it again. Or communicated with more nuance. Kaspersky Lab also provided the government with access to its software source code. All to show that it means nothing wrong.
Upon De Winter's re-enactment, he says "an image of selective argumentation". For example, the methodology used for risk analysis is not clearly defined. There are also no predetermined evaluation criteria for anti-virus software. "And sometimes even the facts are not displayed correctly."
According to the computer analyst, Russian legislation is not so special as that either. The United States and the Netherlands, for example, also have legislation on espionage that companies may request to cooperate. But that Kaspersky Lab is not a Russian company, but rather a British holding company. By transferring data processing for European customers and software assembly in Switzerland, it is also more difficult for the Russian Federation to abuse Kaspersky Lab software, if they so wish.
According to De Winter, the company is described as an "effective jammer". In many operations, the company exposes Russian operations without hesitation, regardless of the origin of the attack. "The company uses a policy" malware is malware ", regardless of its origin."
Unfounded decision
In short, he concludes: "I would advise the government to reconsider its decision to phase out anti-virus software.This decision of May 2018 does not benefit the security of our country. Moreover, the arguments put forward are unfounded. "
In fact, warns De Winter, other companies might well fear the government's" precaution. " "The decision justifies the fear that they too are completely excluded without further refutation and that society is publicly warned."
A situation that we should not all want, he said. Always in the interest of the whole world of business. But if the warning has an effect? It will take time when several politicians have evaluated Brenno de Winter's research report.
On Monday, November 19, Brenno de Winter explains why he thinks the review of the government's decision is fair and in everyone's interest. Sign up for the webcast
read more
Source link
