Does the European Union rehabilitate Kaspersky? It seems so, but without fuss ...

(To Alessandro Rugolo)
23/04/19

It is very interesting to note how the European Union, driven by the sacred fire of the cyber defense, has been pushed in the past in stormy waters.
These days an article signed by Pierluigi Paganini on Security Affairs in which justice is done to the Russian company Kaspersky, accused by the European Parliament of producing recognized dangerous systems, reads in fact in the "Report on cyber defense" n. A8-0189 / 2018 of the last 25 May 2018 (page 19 and 20, v.link):
"Calls on the EU to perform comprehensive review of software, IT and communications equipment and infrastructure in institutions in order to exclude potentially dangerous programs and devices, and to ban those that have been confirmed as malicious, such as Kaspersky Lab" .

The Report, very interesting in many aspects, in particular because it gives evidence of the European programs being developed in the cyber sector, has been criticized by various States that have not found espionage activities conducted by Kaspersky software against customers (at least nothing different from what everyone does, gathering information and analyzing for the purpose of preventing and identifying cyber threats).

The report was still the object of interest from a Belgian European deputy, Gerolf Annemans, who last March 6 asked for explanations relating to what was stated in the Report:

“Designing programs and companies as 'dangerous' from the point of view of cyber defense.
On 13 June 2018, the European Parliament adopted a Resolution on cyber defense. Paragraph 76 names a private business, namely Kaspersky Lab, whose programs are 'dangerous' and even 'malicious', without any further explanation.
1. Does the Commission know how to label it as dangerous, or because it is dangerous?
2. Kaspersky were discussed with a view to an EU ban?
3. Does the Commission have any reports or opinions of cyber experts or consultancies about Kaspersky Lab, and can it give me references to them? "

Stimulating in fact the written reply of the European Commission that with the answer n. P-001206 / 2019 (ASW) had to back off by actually claiming they were wrong.

The Commission replied "... Kaspersky Lab products are not available to the public." the EU market.The EU is an open market, which can be accessed by foreign companies in compliance with EU rules.In addition, Member States have the power to decide whether to exclude companies from their markets for national security reasons. published about the issue raised by the Honorable Member, the commission did not commission any reports. "

Now, I would like to dwell on some considerations:
- following the 2018 report, several European countries have banned Kaspersky products from their national market, as is the case in the UK, Lithuania and the Netherlands. The Report of the 2018 in fact left no room for doubt. The behavior has therefore caused damage to the Kaspersky Company which will probably claim its reasons elsewhere (perhaps legal?);

- the Commission's response clearly indicates that there is no evidence, contrary to what was previously stated, but adds that no Report will be commissioned to investigate the matter, relegating it to "problem solved, not worthy of other advertising ...", which at least doubtful. In fact, whether the error occurred initially indicating kaspersky Lab as untrustworthy, whether the error is committed recently, it would be logical to give rise to insights that should be made public as there could be consequences for cyber security of the member countries (whether or not to use a product means in fact to do security policies and not only !!!);

- there is a lot of talk about China and Russia products and alleged "security issues" linked to the collaboration between companies and states of mutual belonging (see Huawey and Kaspersky, just by way of example) but we don't talk at all about what is happened over time with products of western producers and the alleged espionage acts performed by them, why? If the interest is really to protect oneself, then in the list of the EU Cyber ​​Report could be included many other "suspects" ...

All this to say that, perhaps, it is opportune to deepen and pay attention to hasty judgments, often harbingers of wrong decisions and to which it is not always possible to cope simply by grafting backwards. Sometimes the lack of (undeserved) trust can cause wounds that are difficult to heal.

To learn more:

- https://securityaffairs.co/wordpress/84022/breaking-news/european-commis...
- http://www.europarl.europa.eu/doceo/document/A-8-2018-0189_EN.pdf?redirect
- http://www.europarl.europa.eu/doceo/document/P-8-2019-001206_EN.html
- http://www.europarl.europa.eu/doceo/document/P-8-2019-001206-ASW_EN.html

Photo: web