Eugene Kaspersky and the terrible, horrible, no good, very bad day

Diverge at your own risk

The only good reason to separate cybersecurity and physical security is if you don’t want to keep what you’re trying to protect.  They go together.  Cyber is sexy; physical is not.  You’ve got to embrace them both to defend against the modern criminal, espionage, and hacker environment.

We have met the enemy and he is us?

The NSA has been having a series of bad days, bad days that typically started as physical theft and evolved into cyber-shenanigans.  Cyber?  No.  Bad employees.

The current U.S. Government clearance and/or clearance review process has set the NSA, and probably most other agencies, up for failure.  The quality of recently cleared U.S. Government employees is questionable, as their numbers include rapists and murderers. Then there are the hundreds, or perhaps thousands, of trustworthy people who previously held government clearances as military or civilians, and can’t get through the bizarre and ineffective investigation and adjudication now being conducted to reinstate those clearances.  The entirety of civil service, much of the military, and the NSA, have been the recipients of broken people thanks to a broken clearance process.

But is it right to blame a process?

Smoke and mirrors

In the case of Kaspersky, the U.S. Government says that an NSA employee illegally stole highly classified information from its workplace and installed it on a home computer.  That computer was secured from cyber threats by Kaspersky Lab products, products that aggressively monitor software and files to detect intrusion and infestation.  Those products have now been called out as enabling hackers (attributed to the Russia government) to sift through systems containing Kaspersky software and search for information of defense or economic value.  Stop me if you’ve heard this too many times lately: “Bad Kaspersky.  Bad Russians.”  I have no financial or other ties or obligations to Kaspersky, but I do gladly recognize their stellar work in defending ICS around the globe. 

Something’s wrong here.  There’s a criminal involved without whose actions none of this would have come to pass.  Somebody stole the secrets from the NSA, but what discussion are you seeing in the media regarding the perpetrator?  Let’s blame and punish the criminal first, and later worry about its environment influences and upbringing.  

The sound of silence

The loathsome traitor Snowden. The addled, but functional and cognizant, traitor Martin. The Islamic Jihad-loving traitor Winner (read the great document denying her bail). Three so-called U.S. citizens who held Top Secret clearances.  We know their names because we know their crimes.  In the case of Winner, it was seemingly only minutes from the publication of her collection of stolen secrets until her arrest.  So, what’s going on with this Kaspersky-linked crime?  Punish the criminal! Completely missing from the story line is the emphasis on the criminal, supposedly a contractor for the NSA who illegally removed the classified material and placed it on its own equipment at home, a fact mentioned in passing in almost every media story.

Jail.  Done deal.  Anybody who ever held a clearance of any type knows this is wrong, the damage it can cause, and the penalties associated with this action. Somebody didn’t care and took the chance.  Why?

Doubt and certainty

Somebody who worked at the NSA stole the secrets.  Kaspersky didn’t, and Kaspersky as thief isn’t accused in the U.S. Government’s assertion.  That doesn’t mean that 99% of the discussion and blame doesn’t hit Kaspersky, however. 

The U.S. Government repeatedly fails the test of being able, or willing, to fix the actual problems, those being leaks and broken people. There further arises, in this case, a reasonable concern that the entire episode might be political payback for the reported Russian interference with the U.S. elections. 

In the last four years we’ve had the despicable traitors Snowden, Winner, and Martin, plus an unknown inside leaker still being sought for providing NSA tools to the self-named Shadow Brokers.  The problem time and again lies with the wrong people holding clearances and an adjudication and investigation system that’s broken.  No less than the former Director of National Intelligence, James Clapper, is a critic. 

Even if at some point it is proven beyond a shadow of a doubt that Kaspersky products enabled the remote identification of NSA files, it doesn’t prove Kaspersky did anything wrong. Can we eventually fill in the blanks and blame Kaspersky?  Maybe.  On the other hand, there is a direct link between the thief and the theft.  Punish the thief.