California's Cybersecurity Integration Center has been ahead of the curve in protecting the state from Russian cyberespionage.
"Though the information used to produce the State’s action originated from GSA and other federal sources, the federal government did not move to completely ban Kaspersky products until yesterday, nearly two months after the state took similar action," Mario Garcia, deputy commander of the California Cybersecurity Integration Center in the Governor’s Office of Emergency Services, wrote to Techwire in an email on Friday.
Garcia emphasized that his agency, known as Cal-CSIC, raised the alarm on Kaspersky well before the federal government did so last week.
The U.S. General Services Agency pulled Kaspersky Lab products from contract schedules on July 11, which stopped federal agencies from buying any more of the anti-virus software products.
The Department of Homeland Security issued a binding operational directive: “Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems."
Due to the publicity of the event, Cal-CSIC "then began a deep dive to research threats posed by Kaspersky Lab — a Russian-owned company" Keith Tresh, commander of the California Cybersecurity Integration Center in the Governor’s Office of Emergency Services, wrote to Techwire in an email.
Using reports from federal and state agencies, "the Cal-CSIC made the recommendation to our boss, Director Ghilarducci, in his role as Homeland Security Advisor to the Governor."
OES Director Mark Ghilarducci then involved Department of Technology Director Amy Tong and Government Operations Secretary Marybel Batjer. The three leaders deemed Kaspersky software a threat and directed agencies to remove the software and to end all procurements that include it.
Both the GSA and Cal-CSIC were concerned about "ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” according to Tresh.
