“As soon as there is political and military competition, there is always suspicion,” analyzes a cybersecurity expert

The United States announced the ban on Russian software, citing reasons of internal security and protection of Americans’ data.

“Russia has repeatedly shown that it has the capacity and intent to exploit Russian companies, such as Kaspersky Lab, to collect and exploit sensitive US information”, explained the American Secretary of Commerce after the United States’ decision to ban the use of Russian antivirus software Kaspersky. This action “is vital to our homeland security and will better protect the personal information and privacy of many Americans”said the Secretary of Homeland Security.

Nicolas Arpagian, specialist in digital risks and vice-president of Headadmind Partners, explains how this foreign software can represent a threat to States. “The more we can use national actors, the stronger the strategic autonomy of the country and the Europe zone will be”he analyzes.

Why is the United States deciding to ban this Russian antivirus?

It is the continuation of an ancient story. The indictment of the Kaspersky company dates back to 2017. Since 2017, the United States federal administration had requested that it no longer use Kaspersky software for its services. In 2022, the FCC, therefore the Communications Regulatory and Control Authority, once again placed Kaspersky and its products on the list of communications equipment and services which constituted, in these terms, “a threat to internal security”. So we in fact have the continuity of this questioning, knowing that what is interesting to note is that there are no particular circumstances which explain or justify this national banning. That is to say that there is not a new fact, for example, which could give rise to the umpteenth conviction that there is a risk for this company. The second thing is that there are no illustrations with concrete examples to demonstrate. This is also Kaspersky’s line of defense.

The criticism that is made is to say that the Kremlin and the Russian political authorities have demonstrated in the past that they could solicit Russian companies in order to exploit their technical capacities to collect and exploit sensitive information from UNITED STATES.

“It’s really the fact that potentially the Russian authorities would be able to demand that Russian companies like Kaspersky insert themselves, be able to capture data.”

Nicolas Arpagian, specialist in digital risks

at franceinfo

Data obviously known to the antivirus company since in essence, an antivirus scans databases, infrastructures, computer equipment to ensure their integrity and that they are not previously contaminated by a virus documented. So the criticism, or at least the suspicion that is made, is that the Russian authorities would be led to require Russian companies, of which Kaspersky is a part, to exploit and collect data that would be present in the information systems of security software users.

Are the United States right to be wary of this software?

The difficulty with cybersecurity is that obviously actions can be carried out without the knowledge of the legitimate owners and operators of the technologies. When it comes to extracting data, capturing information, this could be done to a certain extent, without the knowledge of the users of these technologies. And so obviously, as soon as there is political, economic, scientific, technological, military competition between these blocs, Russia and the United States, it is obvious that there is always suspicion. What the American administration presents as an argument, through the voice of the Secretary of State for Commerce, supported by the Secretary of State for Homeland Security, is to say that Moscow is in a position to demand this from these companies.

Should the French also be vigilant and check the origin of their antivirus?

Everyone makes their choices. When you choose a technology, just as there have been warnings about Tik Tok’s collection of information and personal data, to this day it remains a personal choice to use it. The important thing is to explain and make the concerns understood and to inform that the United States has decided, for security reasons and questions as to the fact that the data could be exploited for strategic purposes . Even if there is a political dimension to this announcement, after all it is everyone’s choice since the product is on sale over the counter, everyone can persist and continue to use it. On the other hand, it is information that a government with its intelligence sources, with this documentation capacity, continually affirms the questioning of this software.

“The French administrations had also questioned themselves and had chosen gradually and for several years already, to modify things”

Nicolas Arpagian

at franceinfo

The recommendation of the National Security Agency at the time was to plead for a diversification of service providers in this area. And so the message is clear: this is not a formal legal prohibition, but an encouragement to choose other security publishers.

To avoid risks, should you choose a French antivirus?

It is obvious that the more we can use national actors, the stronger the strategic autonomy of the country and the European zone will be. So it is obvious that we can only encourage the use of French or European technologies because it contributes to strategic autonomy, that is to say the notion of sovereignty. It’s true that having control over companies in a controlled environment is something that helps consolidate strategic autonomy. Obviously, the more consumers are aware that through their purchases or their uses they contribute to the emergence or consolidation of national or European players, the more obviously the ecosystem will be robust and will be less in a position of dependence on the interests of powers.