It is very interesting to note how the European Union, pushed by the sacred fire of cyber defense, has been pushed in the past in stormy waters.
These days an article signed by Pierluigi Paganini on Security Affairs in which justice is done to the Russian company Kaspersky, accused by the European Parliament of producing systems recognized as dangerous, we read in fact in the "Report on cyber defense" n. A8-0189 / 2018 of 25 May 2018 (pages 19 and 20, v.link):
"Calls on the EU to perform comprehensive review of software, IT and communications equipment and infrastructure in institutions in order to exclude potentially dangerous programs and devices, and to ban those that have been confirmed as malicious, such as Kaspersky Lab" .
The Report, very interesting in many aspects, in particular because it gives evidence of the European programs being developed in the cyber sector, has been criticized by various States that have not found espionage activities conducted by Kaspersky software against customers (at least nothing different from what everyone does, gathering information and analyzing for the purpose of preventing and identifying cyber threats).
The report was still the object of interest from a Belgian European deputy, Gerolf Annemans, who last March 6 asked for explanations relating to what was stated in the Report:
“Designing programs and companies as 'dangerous' from the point of view of cyber defense.
On 13 June 2018, the European Parliament adopted a Resolution on cyber defense. Paragraph 76 names a private business, namely Kaspersky Lab, whose programs it brands 'dangerous' and even 'malicious', without any further explanation.
1. Does the Commission know of any reason other than certain press articles that justifies the labeling of Kaspersky as 'dangerous' or 'malicious', especially since Member States such as Germany, France and Belgium do not perceive any problems with cooperation with the firm concerned?
2. Kaspersky were discussed with a view to an EU ban?
3. Does the Commission have any reports or opinions of cyber experts or consultancies about Kaspersky Lab, and can it give me references to them? "
In fact, by stimulating the written response of the European Commission that with response no. P-001206/2019 (ASW) had to back down, claiming that they were wrong.
The Commission replied "… Commission is not in possession of any evidence regarding potential issues related to the use of Kaspersky Lab products. The Commission is following closely debates and developments concerning the security of IT products and devices in general, including discussions about potential measures related to access to the EU market. The EU is an open market, which can be accessed by foreign companies in compliance with EU rules. In addition, Member States have the competence to decide whether to exclude companies from their markets for national security reasons. Regarding reports or opinions published concerning the issue raised by the Honorable Member, the Commission did not commission any reports. "
Now, I would like to dwell on some considerations:
- following the 2018 report, several European countries banned Kaspersky products from their national market, this is the case in the UK, Lithuania and the Netherlands. The 2018 Report in fact left no room for doubt. The behavior therefore caused damage to the Kaspersky Company which will probably assert its reasons elsewhere (perhaps legal?);
- the Commission's response clearly indicates that it has no evidence, contrary to what was previously stated, but adds that no Report will be commissioned to investigate the issue, thus relegating it to a "problem solved, not worthy of further publicity ...", at least doubtful. In fact, whether the error occurred initially indicating kaspersky Lab as not worthy of trust, or whether the error was made recently, it would be logical to give rise to further investigations that should be made public as there could be consequences on cyber security. member countries (using or not using a product means in fact making security policies and more !!!);
- there is a lot of talk about the products of China and Russia and about alleged "security problems" linked to the collaboration between the companies and the States to which they belong (see Huawey and Kaspersky, just by way of example) but there is no mention at all of what is happened over time with products of Western manufacturers and the alleged acts of espionage committed by them, why? If the interest is really to protect oneself, then many other "suspects" could be included in the list of the Cyber EU Report ...
All this to say that, perhaps, it is appropriate to deepen and pay attention to hasty judgments, often harbingers of incorrect decisions and which cannot always be coped with simply by engaging in reverse. Sometimes (undeserved) lack of confidence can cause wounds that are difficult to heal.
To learn more:
- https://securityaffairs.co/wordpress/84022/breaking-news/european-commis...
- http://www.europarl.europa.eu/doceo/document/A-8-2018-0189_EN.pdf?redirect
- http://www.europarl.europa.eu/doceo/document/P-8-2019-001206_EN.html
- http://www.europarl.europa.eu/doceo/document/P-8-2019-001206-ASW_EN.html
Photo: web
