Federal government agencies are banned from using software developed by Kaspersky Lab, a Russian firm with alleged links to that country’s intelligence agencies, acting Secretary of Homeland Security Elaine Duke said in a statement Wednesday.
Agencies now have 90 days to remove Kaspersky software from their systems.
Amid an investigation into the Russian campaign to interfere in the 2016 election, Kaspersky has come under intense scrutiny by American officials who fear that the Kremlin could lean on the firm to grant access to client computer systems.
The decision to ban Kaspersky, a giant in the global anti-virus market with some 400 million customers around the world, represents the latest chill in relations between Washington and Moscow. By banning Kaspersky, U.S. officials have struck a blow to the business goals at one of Russia’s most successful global companies and may expose American firms to retaliation from Moscow.
Kaspersky denies that it has allowed the Kremlin access to customer data, but American officials said on Wednesday that the decision to ban Kaspersky products from federal systems was based on the risk posed by the company and its inability to resist Kremlin directives. “Under Russian law that company must collaborate with the FSB,” Rob Joyce, Trump’s top cyber adviser, said during remarks at the Billington Cybersecurity Summit in Washington. “For us in the government that was can unacceptable risk.”
In a statement, Kaspersky Lab said it was “disappointed” with the decision and said it was based on “false allegations and inaccurate assumptions.” According to the company, American officials have misinterpreted Russian law. Kaspersky claimed that it is not subject to stringent rules governing firms such as internet service providers and which grant the Kremlin broad authorities over such companies.
“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues,” the company said.
American officials have not presented any concrete evidence that Kaspersky has allowed the Kremlin to use its products to advance its intelligence operations.
Kaspersky counts among its ranks former Russian intelligence officials and has assisted Russian authorities in investigations of cybercrime, but such links to domestic security services and assistance are routine in the cybersecurity industry.
In recent months, former American intelligence officials have described Kaspersky as a huge potential asset for the Kremlin because of the way anti-virus software works. By its very nature, anti-virus software provides its operator with deep insight into its customer’s computer. Kaspersky anti-virus software scans nearly every file that passes through a computer and beams reams of data back to company headquarters. Such software has wide-ranging power to update software and potentially gain control of a computer.
“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” Duke said on Wednesday.
With Kaspersky booted from American federal networks, the Russian government may strike back at American firms. Russian President Vladimir Putin hinted at such a move last week.
“In terms of security, there are things that are critically important for the state, for sustaining life in certain sectors and regions,” Putin said during a meeting with technology executives. “And if you are going to bring in hardware and software in such quantities, then in certain areas the state will inevitably say to you: ‘You know, we cannot buy that, because somewhere a button will be pressed and here everything will go down.’”
Photo credit:Alexey SAZONOV/AFP/Getty Images