The U.S. government banned all use of Kaspersky Lab Inc. software in federal information systems, citing concerns about the Moscow-based security firm’s links to the Russian government and espionage efforts.
All agencies will be required to identify any Kaspersky products they have used within 30 days and develop plans to discontinue their use, according to a directive from Elaine Duke, the acting secretary of the Department of Homeland Security.
“This action is based on the information security risks presented by the use of Kaspersky products,” DHS said Wednesday in a statement. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
DHS said it has provided Kaspersky an opportunity to address these concerns.
Kaspersky in an emailed statement denied “inappropriate ties with any government” and criticized the U.S. decision as “based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies.”
The ban comes after U.S. intelligence agencies concluded that the Russian government was behind an effort to interfere with last year’s presidential campaign with a goal of hurting Democrat Hillary Clinton and ultimately helping Republican Donald Trump win.
Special counsel Robert Mueller is investigating whether any Americans, including associates of Trump, contributed to Russia’s efforts to influence the election. Trump has repeatedly questioned whether Russia was behind the hacking effort.
Michael Flynn, President Trump’s former national security adviser, was paid $11,250 for a 2015 speaking engagement in Washington for Kaspersky Government Security Solutions Inc., a U.S. subsidiary of Kaspersky Lab. Flynn was fired by the Trump administration in February after providing misleading statements about his contacts with Russian officials.
The idea of having Kaspersky software on U.S. networks presented “an unacceptable risk” mainly because Russian law requires the company to collaborate with its main spy agency, the FSB, White House cybersecurity coordinator Robert Joyce said at the Billington Cybersecurity Summit in Washington on Wednesday.
“This is a risk-based decision we needed to make,” Joyce said.
Russian Communications Minister Nikolay Nikiforov threatened in June to retaliate should Congress take action to ban the Defense Department from using Kaspersky software. Nikiforov said at the time that Russian government systems use “a huge proportion” of U.S. software and hardware products.