Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

DHS Orders Government Agencies to Stop Using Kaspersky Products

The U.S. Department of Homeland Security (DHS) issued a binding operational directive on Wednesday ordering government departments and agencies to stop using products from Kaspersky Lab due to concerns regarding the company’s ties to Russian intelligence.

The U.S. Department of Homeland Security (DHS) issued a binding operational directive on Wednesday ordering government departments and agencies to stop using products from Kaspersky Lab due to concerns regarding the company’s ties to Russian intelligence.

The DHS told agencies that they have 30 days to identify the use or presence of products supplied directly or indirectly by Kaspersky. Once such products have been identified, agencies have 30 days to develop a plan for their removal from IT systems, and another 30 days to start implementing the plan.

In a statement, the DHS said Kaspersky’s products expose systems to cyberattacks due to the broad access and elevated privileges they provide.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the DHS said. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

However, the DHS said Kaspersky will be given the opportunity to submit a written response to address or mitigate these concerns.

In response, Kaspersky said it was dissapointed with the decision and reiterated that it does not have inappropriate ties with any government, but the security firm is grateful for the opportunity to prove that the allegations are “completely unfounded.” The company claims the Russian laws and policies cited by the DHS have been misinterpreted as they only apply to telecoms firms and ISPs.

“Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia,” Kaspersky stated.

“In addition, more than 85 percent of its revenue comes from outside of Russia, which further demonstrates that working inappropriately with any government would be detrimental to the company’s bottom line. These ongoing accusations also ignore the fact that Kaspersky Lab has a 20-year history in the IT security industry of always abiding by the highest ethical business practices and trustworthy technology development,” the company added.

The DHS’s order comes after the U.S. General Services Administration, the agency that handles government purchasing contracts, removed Kaspersky Lab from its list of approved vendors. Just before the DHS’s ban, electronics retailer Best Buy also announced that it had stopped selling the Russian company’s products due to concerns regarding ties to Russian intelligence.

The links between Kaspersky Lab Founder Eugene Kaspersky and Russian intelligence have often been debated, with numerous news articles being published over the past years. Despite the lack of any clear evidence showing that the use of the company’s products poses a risk to the U.S. or any other government, media coverage claiming to show inappropriate connections to Russian intelligence has intensified in the past few months.

One U.S. senator even proposed an amendment to the National Defense Authorization Act to prohibit the use of Kaspersky Lab products.

Despite the negative media coverage, Kaspersky announced recently its plans to open an additional three offices in North America next year, namely in Chicago, Los Angeles and Toronto. The company pointed out that it already has three operational offices in the region, employing nearly 300 people.

“Given that U.S. government sales have not been a significant part of the company’s activity in North America, Kaspersky Lab is exploring opportunities to better optimize the Washington D.C. office responsible for threat intelligence offerings to U.S. government entities,” the company said.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Cybercrime

Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.

Management & Strategy

Microsoft making a multiyear, multibillion dollar investment in the artificial intelligence startup OpenAI, maker of ChatGPT and other tools.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Risk Management

A threat-based approach to security often focuses on a checklist to meet industry requirements but overlooked the key component of security: reducing risk.