The Kaspersky case in Italy has developed very rapidly in recent days. And now came the words of the general manager for Italy of the Russian company that develops antivirus. Words that deny any kind of spying attitude of the most well-known antivirus in the world, as someone had feared.
So let’s start with Kaspersky’s denial, and then retrace the steps of a story that involves the security systems of our Public Administration.
Kaspersky replica alle accuse
After the moves of the Guarantor first and then of the Government, which intend respectively to investigate Kaspersky and eliminate its products from the PAs of our country, the company’s reply has arrived. Entrusted to Cesare D’Angelo, general manager for Italy of Kaspersky Lab.
Interviewed by Repubblica, D’Angelo denied that the company’s antiviruses could in any way harm our cyber protection systems. Cesare D’angelo said: “No one has ever demonstrated our specific responsibilities in this sense. Unfortunately, the geopolitical scenario has also affected our technologies but we want to reaffirm our willingness to work with the institutions and continue to protect Italy from current threats. We are the ones who have discovered the largest number of APTs of Russian origin and we are a fundamental player for national and global security ”.
Recall that APT stands for Advanced Persistent Threat, or persistent and advanced threat.
The “spy” antivirus
Then stressed on the possibility that an antivirus spies on users, D’Angelo added: “Antivirus solutions, by themselves, do not need functions to spy on the user and, indeed, are designed to do the opposite.. If a product contained them, it would be something additional not strictly necessary for the detection functions.
As far as our products are concerned, the absence of these features is verifiable from the source code. “
Moreover, the news that Kaspersky will be eliminated from the systems of the public administrations of our country “is already attracting the attention of cybercriminals and could make the Italian PA more vulnerable.”
But let’s see the three main steps that led to these statements.
The intervention of Franco Gabrielli
In another article we have given you an account of the intervention of Franco Gabrielli, Undersecretary to the Prime Minister with responsibility for national security.
Gabrielli, mimicking the stances of the Netherlands, Germany and France, raised doubts about the danger of Kaspersky, installed in the systems of our PA.
Franco Gabrielli spoke of “antivirus systems produced by the Russians and used by our public administrations that we are verifying and planning to dispose of, to prevent them from becoming an attack tool from a protection tool. It is the fifth sector of possible conflict after sky, earth, sea and space ”.
We were therefore waiting for a regulation aimed at suspending the use of the Kaspersky antivirus in our Public Administration.
The investigation of the Guarantor
A few days after the words of Undersecretary Gabrielli, the action of our Privacy Guarantor arrived. Which, as stated in a note published on the official website on Friday 18 March, has opened an investigation to verify “the methods of processing Italians’ data”.
Kaspersky Lab, among other things, will have to specify the number and type of its customers in our country. And clarify whether or not the data of Italian customers are transferred outside the European Union, in particular to Russia.
In this sense, Cesare D’Angelo declares himself calm. Indeed, he underlines that “the initiative of the Guarantor is legitimate and is a good opportunity to respond officially to the doubts raised”.
The government decree
Finally, the Government intervened. Which in the so-called Energy Decree he hinted at how Kaspersky antivirus in PAs should be replaced with other software due to potential security risks.
Article 28 of Chapter II deals with the issue of strengthening the regulation on cybersecurity. And among other things you can read the following: “In order to prevent damage to the security of networks, information systems and IT services of public administrations, these proceed promptly to diversify the products in use, also through negotiated procedures. The purchase procedures will concern certain categories of sensitive products and services such as antivirus, antimalware, endpoint detection and response (EDR) and web application firewall (WAF) applications. “