In context: Recent months have been filled with news of international cybersecurity concerns and foreign meddling, and now two US Senators are going after a new target – virtual private networks (VPNs) used by governmental employees.
With ongoing investigations into Russian meddling during the 2016 presidential campaign, and the recent rumors of an executive order to ban Chinese hardware from new communications infrastructure, it’s clear that the United States is taking its cybersecurity seriously. Alongside these wide-ranging efforts to tighten security, Senators Marco Rubio (Republican) and Ron Wyden (Democrat) have asked the Department of Homeland Security to investigate governmental employees’ use of VPNs.
The Senators’ concern is that many VPNs make use of foreign servers to redirect traffic, and they are worried that two countries in particular may be on the receiving end of US data – China and Russia.
It’s perhaps no surprise that China and Russia are the two countries being singled out by Rubio and Wyden, given the current uneasy relationship the US has with each nation.
Writing to Christopher Krebs, Director of DHS’s Cybersecurity and Infrastructure Security Agency, the Senators noted, “If U.S. intelligence experts believe Beijing and Moscow are leveraging Chinese and Russian-made technology to surveil Americans, surely DHS should also be concerned about Americans sending their web browsing data directly to China and Russia.”
The ‘if’ at the start of the quote is important as the Senators aren’t singling out any specific products. Instead, they are asking DHS to ‘conduct a threat assessment on the national security risks’, and if appropriate, issue a Binding Operational Directive to prohibit the use of any software deemed a threat.
These Directives have been used before, such as in 2017 when DHS issued one to ban the use of Kaspersky-branded products from federal IT systems.