The Cybersecurity 202: The U.S. got tough on Kaspersky and Huawei. Will Russia and China retaliate?

[The AchieVer]

The U.S. government’s get-tough strategy with Russian and Chinese companies that officials suspect of spying for their home governments risks a tit-for-tat response that could hurt U.S. companies and contribute to fracturing the global Internet, experts and former officials warn.
 
An escalating conflict over government bans on Kaspersky, Huawei and ZTE products could prompt Russia and China to retaliate by banning U.S. companies in those markets, said Adam Segal, a China expert and director of the cybersecurity policy program at the Council on Foreign Relations.
 
“U.S. actions reinforce Beijing's view that it is in a tech cold war with the U.S. and that Washington wants to contain China's rise,” Segal told me. “It will react by increasing its own efforts to develop home-grown tech and retaliate against U.S. firms.” Just as likely, China and Russia might further hike trade barriers for digital tech firms that have been rising since 2015, Segal said.
 
The prospect of retaliation only intensifies pressure on the lawmakers and executive branch officials who back the bans — and may make it harder to press companies and allies to join in. 
 
The U.S. government won a major victory late last month when a federal appeals court upheld two government-wide bans that effectively barred software from the Russian anti-virus company Kaspersky Lab from government computers or from contractors that touch government systems. The bans, imposed by the Department of Homeland Security in October 2017 and by Congress two months later, followed months of allegations that a Kaspersky anti-virus could be used as a spying tool by the Kremlin. 

In August, Congress passed similar bans against the Chinese telecom companies Huawei and ZTE.
 
Now, companies and government officials should prepare for a backlash against U.S. companies and be ready to “truth squad” any charges those companies were spying on behalf of the U.S. government, Frank Cilluffo, a former White House homeland security adviser during the George W. Bush administration, told me.

At the same time, lawmakers are keeping up the pressure in Washington and urging industry and some allies to steer clear of the Russian and Chinese companies. Sen. Mark R. Warner (D-Va.) urged Google in June to be more transparent about its dealings with Huawei. Warner and Sen. Marco Rubio (R-Fla.) have consistently urged Canada to shut Huawei out of its planned 5G network.  

After Canadian officials announced they’d arrested Huawei Chief Financial Officer Meng Wanzhou on Wednesday, seemingly to be extradited to the United States for sanctions violations, Sen. Ted Cruz (R-Tex.) described the company on Twitter as “a Communist Party spy agency thinly vieled (sic) as a telecom company.”

 

Bruce McConnell, a former top cyber official in the Department of Homeland Security, said this kind of language may only add fuel to the fire. While government bans might be necessary to protect national security secrets, he said, this could encourage China and Russia to launch a similar war of words against U.S. companies.
 
“It’s up to governments and customers to make their own decisions,” he said. “When government acts as a national policymaker, that’s a different story … It’s more of a reputational issue if the government is calling around to people and warning them off something.” 

After all, government and private sector interests might not be totally aligned. Many U.S. and European security pros, for example, say Kaspersky is useful inside a broader suite of cyber protection tools, he said, because Kaspersky researchers are better at spotting and protecting against malware written by Russian cybercriminals.
  
As China and Russia consider how to respond to the bans, it might not be so easy for them to replace American tech products. For one thing, the United States leads in most of the technology that is vital to government and critical infrastructure, so it would be difficult to find a suitable replacement, Segal said. 

But there are other ways to respond besides an outright prohibition on U.S. products. The Russian and Chinese governments have passed cybersecurity laws that make it harder for foreign companies to enter their markets, and those rules could become more onerous, Segal said. Those laws require companies to store data inside national borders under certain circumstances. The governments have also demanded that some companies that manage critical systems submit to intrusive reviews of the source code underlying their products.
 
Regardless of how China and Russia respond, this conflict is part of a broader shift to greater controls on government and sensitive computer networks, said Cilluffo, who runs a cyber strategy and technology program at Auburn University. 

“Countries are increasingly turning to internal security providers, especially when dealing with cybersecurity,” he said. “There are some legitimate concerns in term of Balkanization of the Internet, but I don’t think Kaspersky is the tipping point.”

 

Source

[knowledge-Spammer]

 

 

removed befor mods do it