Sens. Ron Wyden, Marco Rubio Calling for ‘Threat Assessments’ on Foreign-Made VPNs

Sens. Ron Wyden (D-Ore.) and Marco Rubio (R-Fla.) sent a letter Thursday to the Department of Homeland Security calling for the potential ban of foreign-made virtual private networks for use by government employees.

Wyden and Rubio are urging Christoper Krebs, director of DHS’ Cybersecurity and Infrastructure Security Agency, to conduct a threat assessment on the national security risks that come with government employees using browsers that run on VPNs created by foreign companies. The senators noted that millions have downloaded foreign-made VPN apps, including those from countries that don’t “share American interests or values.”

"Because these foreign apps transmit users' web-browsing data to servers located in or controlled by countries that have an interest in targeting U.S. government employees, their use raises the risk that user data will be surveilled by those foreign governments," they added.

Wyden and Rubio noted that the U.S. government is taking steps addressing the potential risks of foreign-made technology by conducting investigations on Chinese telecommunications equipment and Russian products such as those from Kaspersky Labs. Both senators called on Krebs to issue a binding operational directive to prohibit foreign-made VPNs on federal systems and devices if it's found they “pose a threat to national security.”

You may also be interested in...

Brian Conrad

Brian Conrad: FedRAMP to Implement Threat-Based Scoring in Security Control Assessments

Brian Conrad, acting director of the Federal Risk Authorization Management Program, said FedRAMP wants to apply a threat-scoring methodology to evaluate security controls. Conrad said FedRAMP is working to implement the fifth control catalog revision of the National Institute of Standards and Technology's Special Publication 800-53.