Software from Russian security company Kaspersky Lab is no longer allowed on federal computers in the US. A couple of months ago, the US General Services Administration removed Kaspersky Lab from the list of approved federal vendors and now Homeland Security is banning the use of Kaspersky software outright. Kaspersky is one of the most prominent security firms in the world and they often respond faster to new threats than other companies.
While there doesn't appear to be any hard evidence of wrongdoing, the move is sparked by fears over active ties between Kaspersky and Russian intelligence agencies. Homeland Security believes the risk to US national security is too high and ordered all agencies and departments to eliminate the use of Kaspersky software within 90 days:
In a statement on Wednesday, DHS Acting Secretary Elaine Duke directed all Executive Branch agencies and departments to identify over the next 30 days any Kaspersky products being used, make a plan in the next 60 days to eliminate their use and begin that discontinuation within 90 days.
“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” DHS said in its directive.
“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
DHS claims it will reconsider its position if Kaspersky can provide evidence or data that could offset the US government's concerns.
Kaspersky is disappointed by the decision and responded that it doesn't have inappropriate ties with any government. The Russian security company insists the allegations are completely unfounded and points out no credible evidence has been presented publicly:
Given that Kaspersky Lab doesn’t have inappropriate ties with any government, the company is disappointed with the decision by the U.S. Department of Homeland Security (DHS), but also is grateful for the opportunity to provide additional information to the agency in order to confirm that these allegations are completely unfounded.
No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company. Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia.
In addition, more than 85 percent of its revenue comes from outside of Russia, which further demonstrates that working inappropriately with any government would be detrimental to the company’s bottom line. These ongoing accusations also ignore the fact that Kaspersky Lab has a 20-year history in the IT security industry of always abiding by the highest ethical business practices and trustworthy technology development.
Regarding the Russian polices and laws being misinterpreted, the laws and tools in question are applicable to telecom companies and Internet Service Providers (ISPs), and contrary to the inaccurate reports, Kaspersky Lab is not subject to these laws or other government tools, including Russia’s System of Operative-Investigative Measures (SORM), since the company doesn’t provide communication services. Also, it’s important to note that the information received by the company, as well as traffic, is protected in accordance with legal requirements and stringent industry standards, including encryption, digital certificates and more.
Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues. The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit.