The US Government moves to ban the usage of Kaspersky software by federal agencies; this move comes in the midst of concerns that the company has connections with state-sponsored cyberespionage activities. The government has directed all federal agencies to be prepared to remove Kaspersky software after 90 days unless otherwise directed by the government.
The Washington Post reports- “In a binding directive, acting homeland security secretary Elaine Duke ordered that federal civilian agencies identify Kaspersky Lab software on their networks. After 90 days, unless otherwise directed, they must remove the software, on the grounds that the company has connections to the Russian government and its software poses a security risk.”
A Department of Homeland Security (DHS) press release says- ” After careful consideration of available information and consultation with interagency partners, Acting Secretary of Homeland Security Elaine Duke today issued a Binding Operational Directive (BOD) directing Federal Executive Branch departments and agencies to take actions related to the use or presence of information security products, solutions, and services supplied directly or indirectly by AO Kaspersky Lab or related entities.”
It further says- “The BOD calls on departments and agencies to identify any use or presence of Kaspersky Products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days from the date of this directive, unless directed otherwise by DHS based on new information, to begin to implement the agency plans to discontinue use and remove the products from information systems.”
HackerCombat had earlier reported, quoting sources, that the FBI was allegedly urging private sector companies to ditch Kaspersky software. The HackerCombat report had also summarised the issues that have been ongoing between the US government and Kaspersky for the past many months- “Issues had been going on between the US government and Kaspersky for quite some time. Earlier this year, federal government agencies were asked by a US congressional panel to share documents on Kaspersky Lab stating that Kaspersky products could be used for nefarious activities against the US. In May, U.S. intelligence officials told a Congressional committee that they were reviewing government use of software from the Kaspersky Lab following senators raising concerns that Moscow might use Kaspersky products to attack American computer networks. Then, in July, the General Services Administration removed Kaspersky from an approved-vendors list. Later there was a push to bring a ban on the use of Kaspersky products by the US Department of Defense.”
The latest directive apparently comes in the wake of all these developments. The Department of Homeland Security says that the action “..is based on the information security risks presented by the use of Kaspersky products on federal information systems”. The Department, as per the press release, “…is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”
Kaspersky has reportedly made it clear that it doesn’t have any such “inappropriate ties with any government” and also that no credible evidence has yet been presented against such allegations. The company has also reportedly clarified that the Russian law requiring assistance does not apply to it.
The DHS, however, has given Kaspersky the chance to prove that its products are not a security risk or to mitigate the concerns, if any. The DHS press release says- “DHS is providing an opportunity for Kaspersky to submit a written response addressing the Department’s concerns or to mitigate those concerns. The Department wants to ensure that the company has a full opportunity to inform the Acting Secretary of any evidence, materials, or data that may be relevant.”