On Wednesday, the U.S. Government ordered federal executive agencies to take actions to halt any use of Kaspersky Lab software on their networks. The directive by Acting Department of Homeland Security (DHS) secretary Elaine Duke, requires agencies to identify any use or presence of Kaspersky products on their IT networks in the next thirty days, to develop detailed plans to remove and discontinue present and future use of the products in the next sixty days, and at ninety days from the date of the directive, unless otherwise directed, implement agency plans to discontinue use and remove Kaspersky software from networks. The order does not apply to the Defense Department or the National Security Agency as both entities do not use Kaspersky software, officials said.
DHS “is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the department said in a statement. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
In July, concerned that Kaspersky could become a vector for Russia to infiltrate U.S. federal networks, the General Services Administration removed Moscow-based Kaspersky Lab from two lists of approved vendors- NASA’s Solutions for Enterprise-Wide Procurement contract vehicle and GSA’s Schedule 70- used by federal agencies to purchase technology equipment.
Just last week, Best Buy announced it would no longer sell Kaspersky products because of its ties to the Russian government.
Kaspersky Lab has denied any ties or corporation with the Russian government. Its founder, Eugene Kaspersky, graduated from The Technical Faculty of the KGB Higher School, a Soviet intelligence-supported cryptography school and had served as a software engineer in the Soviet military intelligence service.
Kaspersky Lab on Wednesday challenged the DHS order. “Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues.” Kaspersky notes that the Russian law cited in the DHS order are being misinterpreted. “The laws and tools in question are applicable to telecom companies and Internet Service Providers (ISPs), and contrary to the inaccurate reports, Kaspersky Lab is not subject to these laws or other government tools, including Russia’s System of Operative-Investigative Measures (SORM), since the company doesn’t provide communication services.”
DHS has given Kaspersky ninety days to submit a written response addressing the department’s concerns or to mitigate those concerns.