Virtual Event Today: Supply Chain Security Summit - Register Now

Security Experts:

Connect with us

Hi, what are you looking for?



DHS Orders Government Agencies to Stop Using Kaspersky Products

The U.S. Department of Homeland Security (DHS) issued a binding operational directive on Wednesday ordering government departments and agencies to stop using products from Kaspersky Lab due to concerns regarding the company’s ties to Russian intelligence.

The U.S. Department of Homeland Security (DHS) issued a binding operational directive on Wednesday ordering government departments and agencies to stop using products from Kaspersky Lab due to concerns regarding the company’s ties to Russian intelligence.

The DHS told agencies that they have 30 days to identify the use or presence of products supplied directly or indirectly by Kaspersky. Once such products have been identified, agencies have 30 days to develop a plan for their removal from IT systems, and another 30 days to start implementing the plan.

In a statement, the DHS said Kaspersky’s products expose systems to cyberattacks due to the broad access and elevated privileges they provide.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the DHS said. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

However, the DHS said Kaspersky will be given the opportunity to submit a written response to address or mitigate these concerns.

In response, Kaspersky said it was dissapointed with the decision and reiterated that it does not have inappropriate ties with any government, but the security firm is grateful for the opportunity to prove that the allegations are “completely unfounded.” The company claims the Russian laws and policies cited by the DHS have been misinterpreted as they only apply to telecoms firms and ISPs.

“Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia,” Kaspersky stated.

“In addition, more than 85 percent of its revenue comes from outside of Russia, which further demonstrates that working inappropriately with any government would be detrimental to the company’s bottom line. These ongoing accusations also ignore the fact that Kaspersky Lab has a 20-year history in the IT security industry of always abiding by the highest ethical business practices and trustworthy technology development,” the company added.

The DHS’s order comes after the U.S. General Services Administration, the agency that handles government purchasing contracts, removed Kaspersky Lab from its list of approved vendors. Just before the DHS’s ban, electronics retailer Best Buy also announced that it had stopped selling the Russian company’s products due to concerns regarding ties to Russian intelligence.

The links between Kaspersky Lab Founder Eugene Kaspersky and Russian intelligence have often been debated, with numerous news articles being published over the past years. Despite the lack of any clear evidence showing that the use of the company’s products poses a risk to the U.S. or any other government, media coverage claiming to show inappropriate connections to Russian intelligence has intensified in the past few months.

One U.S. senator even proposed an amendment to the National Defense Authorization Act to prohibit the use of Kaspersky Lab products.

Despite the negative media coverage, Kaspersky announced recently its plans to open an additional three offices in North America next year, namely in Chicago, Los Angeles and Toronto. The company pointed out that it already has three operational offices in the region, employing nearly 300 people.

“Given that U.S. government sales have not been a significant part of the company’s activity in North America, Kaspersky Lab is exploring opportunities to better optimize the Washington D.C. office responsible for threat intelligence offerings to U.S. government entities,” the company said.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Management & Strategy

SecurityWeek examines how a layoff-induced influx of experienced professionals into the job seeker market is affecting or might affect, the skills gap and recruitment...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet