Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Kaspersky Sues U.S. Government Over Product Ban

Kaspersky Lab has filed a lawsuit against the U.S. government in response to the decision of the Department of Homeland Security (DHS) to ban the use of the company’s products in federal agencies.

Kaspersky Lab has filed a lawsuit against the U.S. government in response to the decision of the Department of Homeland Security (DHS) to ban the use of the company’s products in federal agencies.

The Russia-based cybersecurity firm’s appeal, filed in the U.S. District Court for the District of Columbia, targets the DHS’s Binding Operational Directive 17-01, which the agency issued in mid-September. President Donald Trump reinforced the ban last week when he signed the National Defense Authorization Act for FY2018.

Kaspersky says the ban is unconstitutional as it infringes the company’s due process rights. Kaspersky believes the DHS should have given it the opportunity to view the information and contest it before the directive was issued.

The company’s lawsuit also alleges that the decision to prohibit its products in federal agencies is largely based on rumors and media reports citing anonymous sources. While some believe the U.S. government may have actual evidence that Kaspersky Lab has been aiding Russia’s espionage efforts, no proof has been presented and even some officials appear to base their accusations on news reports.

Kaspersky claims that it voluntarily reached out to the DHS in July and offered to assist with any investigation into the company and its products. While the agency seemed to appreciate the offer and promised to get it touch, it did not do so, and instead it issued the 17-01 directive, banning the company’s software and services without warning.

The security firm says that while only a relatively small percentage of its revenue comes from the U.S. government, the DHS’s actions have had a negative impact on sales in other sectors, in both the United States and other countries.

“Through Binding Operational Directive 17-01, DHS has harmed Kaspersky Lab’s reputation, negatively affected the livelihoods of its U.S.-based employees and U.S.-based business partners, and undermined the company’s contributions to the broader cybersecurity community,” said Eugene Kaspersky, CEO and co-founder of Kaspersky Lab.

A majority of the accusations against Kaspersky Lab stem from its founder’s former ties to Russian intelligence. However, the CEO pointed out that most of the intelligence reports published by the company in the past years targeted Russian-speaking espionage groups.

Advertisement. Scroll to continue reading.

In response to claims by U.S. officials that Kaspersky’s software is dangerous due to the deep level of access and privileges it requires, the Russian businessman highlighted that these capabilities are present in all security products and it’s unfair to single out his company without any evidence of wrongdoing.

“Dissuading consumers and businesses in the United States and abroad from using Kaspersky Lab products solely because of its geographic origins and without any credible evidence does not constitute a risk-based approach to cybersecurity and does little to address information security concerns related to government networks,” Eugene Kaspersky said.

Kaspersky has attempted to clear its name by launching a new transparency initiative that involves giving partners access to source code and paying significantly larger bug bounties for vulnerabilities found in the firm’s products.

Shortly after the DHS ban was announced in September, Eugene Kaspersky was invited to testify before Congress. The hearing was later rescheduled for October, but the cyber security tycoon did not receive an invitation.

*Updated to clarify that the September hearing was rescheduled for October and Eugene Kaspersky was not invited. The article incorrectly stated that the CEO was unable to travel to the US for the September hearing due to visa problems.

Related: Kaspersky in Focus as US-Russia Cyber-Tensions Rise

Related: Kaspersky Shares More Details on NSA Incident

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...