WASHINGTON (Reuters) - The Trump administration on Wednesday told U.S. government agencies to remove Kaspersky Lab products from their networks, saying it was concerned the Moscow-based cyber security firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardize national security.
In a statement, Kaspersky Lab rejected the allegations, as it has done repeatedly in recent months, and said its critics were misinterpreting Russian data-sharing laws that only applied to communications services.
The Department of Homeland Security (DHS) issued a directive to federal agencies ordering them to identify Kaspersky products on their information systems within 30 days and begin to discontinue their use within 90 days.
The order applies only to civilian government agencies and not the Pentagon, but U.S. intelligence leaders said earlier this year that Kaspersky was already generally not allowed on military networks.
In a statement accompanying its directive, DHS said it was “concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”
It continued: “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
Kaspersky Lab has repeatedly denied that it has ties to any government and said it would not help a government with cyber espionage.
However, the company has not been able to shake off the allegations. Last week, Best Buy Co (BBY.N), the No.1 U.S. electronics retailer, said it was pulling Kaspersky Lab’s cyber security products from its shelves and website.
Rob Joyce, the White House cyber security coordinator, said Wednesday at the Billington CyberSecurity Summit that the Trump administration made a “risk-based decision” to order Kaspersky Lab’s products removed from federal agencies.
Asked by Reuters whether there was a smoking gun showing Kaspersky Lab had provided intelligence to the Russian government, Joyce replied: ”As we evaluated the technology, we decided it was a risk we couldn’t accept.”
Some cyber security experts have warned that blacklisting Kaspersky Lab could prompt a retaliation from Russian President Vladimir Putin. Joyce said those concerns were a factor but that a “tough decision” ultimately had to be made to protect government systems.
Eugene Kaspersky, the company’s co-founder and chief executive, attended a KGB school, and the company has acknowledged doing work for the Russian intelligence agency known as the FSB. But he has adamantly denied charges his company conducts espionage on behalf of the Russian government. Full story at Reuters.
Our perspective: This is seemingly a "tough one". However, often solutions to problems become their own problem. When governments start to exclude commerical products because they might have been compromised or are owned by the "wrong people" whoever they may be, it's the start of a slippery slope. It is also probably going to be one of these decisions with unintended consequences. Unfortunately, this is not one of those decisions based on fact, but more of opinion. Not an entirely rational way to come to a conclusion.