Federal agencies have 90 days to remove Kaspersky Lab software from their systems.
The US Dept. of Homeland Security (DHS) has issued a binding operational directive to all federal agencies, ordering them to shutter use of Kaspersky software within 90 days over concerns with the Russian-based company’s ties to the Kremlin.
In a statement, DHS has offered federal agencies 30 days to identify Kaspersky Lab products on their networks and to remove and discontinue present and future use of the products in the next 60 days.
“This action is based on the information security risks presented by the use of Kaspersky products on federal information systems, ” DHS said.
“Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems.”
According to DHS, there are requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky Lab and to intercept communications transiting Russian networks.
“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalise on access provided by Kaspersky Lab products to compromise federal information and information systems directly implicates US national security, ” the department continued.
DHS will let Kaspersky submit a written response addressing the department’s concerns. Reuters reports that Kaspersky has already rejected the allegations alluding to espionage.
“No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, ” Kaspersky Lab is quoted as saying.
In July, the Trump administration removed Kaspersky Lab from two lists of approved vendors used by government agencies to purchase technology equipment, limiting the use of the Russian-based company’s products amid concerns it could be used by the Kremlin to gain entry into US networks.
Reuters said at the time that Kaspersky products had been removed from the General Services Administration’s (GSA) list of vendors for contracts that cover information technology services and digital photographic equipment.
Under the guidelines, government agencies were, however, still able to use Kaspersky products purchased separate from the GSA contract process.
The removal follows the accusations from US intelligence agencies that Russia hacked into Democratic Party emails, thus helping Donald Trump to election victory, despite President Vladimir Putin proclaiming his country has never engaged in hacking activities, but some “patriotic” individuals may have .
Speaking with journalists in Sydney in June, Eugene Kaspersky said he would not be surprised if there was Russian interference in the most recent US election.
“No surprise if the Russian characters raided the air — unfortunately I don’t have any hard data because we were not involved in the investigation, ” the Kaspersky Lab chief said.
“Do I think it was a real influence on the result of the election? I don’t know. I don’t believe in a visible influence or if this information had anything to do with the result of the election, ” he added.
He did say, however, that when speaking of Russian hackers to be aware of the fact that particular people could actually hail from Russia, Ukraine, Silicon Valley, or even Sydney.
“Maybe they were Russian citizens, I’m not surprised, ” he said.