While there is no evidence that Eugene Kasperky’s antivirus products have backdoors or covert eavesdropping technology, in the final version for the defense bill is a provision that bars the Department of Defense from using security software products from Russian-based Kaspersky Labs.

Kaspersky responded in a statement that the company “is disappointed with the decision” and “doesn’t have inappropriate ties with any government.”  Kaspersky has vehemently denied all allegations of collusion with the Kremlin saying that such collusion would put the company out of business.

Under the directive, agencies would have 30 days to identify all instances of Kaspersky on their systems and 60 days to create plans to remove Kaspersky from those systems. After 90 days, agencies would be required to start implementing those plans unless directed otherwise by the US Department of Homeland Security.

The good news for future college students and cyber warriors is that the House Armed Services Committee wants to allocate more money for cyber scholarships and the NATO Cooperative Cyber Center of Excellence in the NDAA 2018.

Also related to acquisition, the proposed legislation would give the DOD CIO responsibility for “policy, oversight, guidance, and coordination for supply chain risk management activities,” related to DOD IT.

The committee states that it has serious concerns about DOD’s ability to manage an increasingly globalized IT supply chain and it therefore calls for greater use of automated intelligence feeds, including from commercial intelligence providers, as a means of analyzing supply chain risk.

The bill also establishes a five-year ”Cyber Workforce Development Pilot Program” that will assess the effectiveness of implementing a full-scale cyber talent management program. The pilot will be administered by the DOD CIO in coordination with the principal cyber advisor, and will assess cyber talent shortfalls, changes to skills needed in the workforce and incentives to recruit and retain cyber personnel.

The full text of the bill can be found here: https://www.congress.gov/bill/115th-congress/house-bill/2810/text

Gary S. Miliefsky
Executive Producer
Cyber Defense Magazine