Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

Senators Concerned Over DHS Employees Using Foreign VPNs

United States senators have voiced concerns over the use of foreign-made Virtual Private Network (VPN) applications within the Department of Homeland Security (DHS). 

United States senators have voiced concerns over the use of foreign-made Virtual Private Network (VPN) applications within the Department of Homeland Security (DHS). 

VPN services promise improved security and privacy when browsing the Internet by routing all of the user’s traffic through the provider’s servers, and a large number of people, including mobile users, have adopted such services for increased online privacy.

Furthermore, users are also adopting data-saving apps, including mobile browsers such as Dolphin, Yandex, and Opera, which route traffic through their servers and compress it before serving them to the user, to provide data-saving functionality.

It is the growing adoption of mobile apps that could expose U.S. government employees’ web browsing data and the routing of users’ traffic on foreign servers is worrisome, Senators Marco Rubio (R-FL) and Ron Wyden (D-OR) told Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher Krebs in a letter dated February 7. 

“We are particularly concerned about the potential threat posed by foreign-made apps that are affiliated with countries of national security concern and urge you to examine the national security risk they pose,” the letter reads (PDF). 

The Senators point out that some of these applications, many which have been downloaded by millions of users, are developed by “foreign companies in countries that do not share American interests or values.”

“Because these foreign apps transmit users’ web-browsing data to servers located in or controlled by countries that have an interest in targeting U.S. government employees, their use raises the risk that user data will be surveilled by those foreign governments. The compromise of that data could harm U.S. national security,” the Senators say. 

The letter also notes that the U.S. government has already recognized the national security risks posed the use of foreign technologies. 

Advertisement. Scroll to continue reading.

The House Intelligence Committee has already recommended the U. S. should view with suspicion the increased presence of Chinese companies on the U.S. telecommunications market and the DHS last year ordered all federal agencies to remove products from Kaspersky Lab from their networks, the Senators say.

“If U.S. intelligence experts believe Beijing and Moscow are leveraging Chinese and Russian-made technology to surveil Americans, surely DHS should also be concerned about Americans sending their web browsing data directly to China and Russia,” the letter reads. 

The Sens. urge for “a threat assessment on the national security risks associated with the continued use by U.S. government employees of VPNs, mobile data proxies, and other similar apps that are vulnerable to foreign government surveillance.”

Furthermore, the Senators say that, should these services be found to pose a risk to the national security, a Binding Operational Directive should be issued, to prohibit their use on federal government smartphones and computers.

Related: Marco Rubio Proposes New Federal Data Privacy Bill

Related: Senator Urges Federal Agencies to Ditch Adobe Flash

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Artificial Intelligence

Two of humanity’s greatest drivers, greed and curiosity, will push AI development forward. Our only hope is that we can control it.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.