DHS Orders Feds to Dump Software From Russia-Linked Kaspersky Lab

Frederick Owens
September 13, 2017

This is one of the US government's most significant steps yet amid concerns that the Kremlin could try to use Kaspersky Lab software - embedded in homes, businesses and government systems across the United States - to spy on Americans, steal sensitive files or attack critical infrastructure.

Kaspersky Lab responded in a statement today, saying, "Given that Kaspersky Lab doesn't have inappropriate ties with any government, the company is disappointed with the decision by the U.S. Department of Homeland Security (DHS), but also is grateful for the opportunity to provide additional information to the agency in order to confirm that these allegations are completely unfounded".

A statement said executive-branch departments and agencies have up to 90 days to begin discontinuing use of Kaspersky software and remove the products from computer systems.

The company concluded that it was "caught in the middle of a geopolitical fight" and is being "treated unfairly even though the company has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts".

Questions over Kaspersky's motives have even led the US electronics chain Best Buy to stop stocking Kaspersky antivirus software. But the Defense Department, which includes the National Security Agency, does not generally use Kaspersky software, officials said.

The directive will also put pressure on state and local governments that use Kaspersky's products.

More news: Democrats investigating whether Gen Michael Flynn promoted reactor project as Trump aide

All federal agencies have 30 days to identify any Kaspersky products used on their computer systems. Jeanne Shaheen, D-N.H., is pushing legislation to prohibit the federal government from using products made by Kaspersky Lab, which she said has "extensive ties to Russian intelligence".

"Eugene Kaspersky, CEO and founder of Kaspersky Lab, has repeatedly offered to meet with government officials, testify before the U.S. Congress and provide the company's source code for an official audit to help address any questions the U.S. government has about the company", the company said in a statement earlier this month.

The idea of having Kaspersky software on US networks presented "an unacceptable risk" mainly because Russian law requires the company to collaborate with its main spy agency, the FSB, White House cybersecurity coordinator Robert Joyce said at the Billington Cybersecurity Summit in Washington on Wednesday. "For us the idea of a piece of software that's going to live on our networks, going to touch every file on those networks, going to be able to, at the discretion of the company, to decide what goes back to their cloud in Russia-and then what you really need to understand is under Russian law they must collaborate with FSB [Russian Federal Security Service]-for us in the government that was unacceptable risk".

When the GSA announced its July decision, it underscored that its mission was to "ensure the integrity and security of USA government systems and networks" and that Kaspersky was delisted "after review and careful consideration".

"The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks", the DHS said Wednesday. "The department wants to ensure that the company has a full opportunity to inform the Acting Secretary of any evidence, materials, or data that may be relevant".

Other reports by LeisureTravelAid

Discuss This Article

FOLLOW OUR NEWSPAPER