Federal Waste Report Says Government Dropped the Ball on Using Kaspersky Software

An employee of Kaspersky Lab works on computers at the company's headquarters in Moscow, Russia, Saturday, July 1, 2017.

An employee of Kaspersky Lab works on computers at the company's headquarters in Moscow, Russia, Saturday, July 1, 2017. Pavel Golovkin/AP

The long-delay before agencies were ordered to remove Kaspersky reflects a dangerous inefficiency in government, Sen. James Lankford says.

A multi-year delay between when U.S. intelligence agencies first became concerned about Russian government access to Kaspersky anti-virus software and when the Homeland Security Department ordered federal agencies to scrub the Russian software from their computer systems was … well … a real bonehead move, Sen. James Lankford, R-Okla., said Monday.

Lankford listed the Kaspersky brouhaha fifth in his annual list of “Federal Fumbles,” a compendium of instances in which “federal agencies or departments have wasted or inefficiently used billions of your dollars.”

Top intelligence and security officials were concerned about Kaspersky at least as early as 2014, a Homeland Security Department official testified this month. Homeland Security only gave the order to scrub the anti-virus from government systems in September, however, and the job won’t be complete until after Dec. 13.

“To keep our networks and computers safe from any type of cyberattack, DHS and intelligence agencies should not take several years to study a potential problem before making a decision,” Lankford wrote.

“Those who had knowledge of a problem with Kaspersky or good reason to believe there was a problem should have moved much more quickly to notify others and ensure the software was removed from computers,” he continued.

This year’s Federal Fumbles was heavy on tech and cyber programs.

The report cites a lackluster 2016 inspector general’s review of computer server security at the Treasury Department's Bureau of the Fiscal Service as well as an August IG report that found $11 million in Social Security benefits was lost to identity thieves because there were too few checks on the Social Security Administration’s log-in page.  

Other fumbles include poor record keeping about Defense Department information technology systems and a $12 million IRS contract for a cloud-based email system that was never deployed.

The Government Accountability Office has also cited a “high risk” of federal data breaches each year since 1997, the digest notes.

Lankford’s report also dings a National Endowment for the Humanities grant for virtual reality research involving puppets“virtual reality gaming is a multi-million dollar industry that does not need federal funds to survive”—and a National Institutes of Health study on techniques for raising awareness about HIV/AIDS that found young people frequently check social media on their cellphones. “The fumble here is that NIH has spent almost $800,000 to tell us what we already know,” the report said.

Lankford and retiring Sen. Jeff Flake, R-Ariz., have both published digests of allegedly wasteful government programs in recent years. They’re carrying on a tradition started by Lankford’s predecessor, Sen. Tom Coburn, R-Okla., who published an annual “Wastebook.”

Lawmakers say these digests highlight bad decisions and poor planning for government spending. Some scientists and bureaucrats whose work is highlighted have complained, however, that the wastebooks reduce important research to simple caricature.

Duke University biologist Sheila Patek recently explained to NPR’s Planet Money, for example, that her research into the seemingly physics-defying strength of a hammer-like appendage on the mantis shrimp’s face could have myriad applications for naval engineering and other fields important to the government.

Flake’s 2015 wastebook, dubbed “The Farce Awakens,” described Patek’s research as a “shrimp fight club.”