Trump administration orders purge of Kaspersky products from U.S. government

The Trump administration on Wednesday told U.S. government agencies to remove Kaspersky Lab products from their networks, saying it was concerned the Moscow-based cyber security firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardize national security.

The decision represents a sharp response to what U.S. intelligence agencies have described as a national security threat posed by Russia in cyberspace, following an election year marred by allegations that Moscow weaponized the internet in an attempt to influence its outcome.

In a statement, Kaspersky Lab rejected the allegations, as it has done repeatedly in recent months, and said its critics were misinterpreting Russian data-sharing laws that only applied to communications services.

“No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions,” the company said.

The Department of Homeland Security (DHS) issued a directive to federal agencies ordering them to identify Kaspersky products on their information systems within 30 days and begin to discontinue their use within 90 days.

The order applies only to civilian government agencies and not the Pentagon, but U.S. intelligence leaders said earlier this year that Kaspersky was already generally not allowed on military networks.

In a statement accompanying its directive, DHS said it was “concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”

It continued: “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

The department said it would provide Kaspersky with the opportunity to submit a written response to address the allegations. The agency said other entities claiming commercial interests affected by the directive could also submit information

Kaspersky Lab has repeatedly denied that it has ties to any government and said it would not help a government with cyber espionage.

However, the company has not been able to shake off the allegations. Last week, Best Buy Co (BBY.N), the No.1 U.S. electronics retailer, said it was pulling Kaspersky Lab’s cyber security products from its shelves and website.

The direct financial impact of the decision will likely be minimal for Kaspersky Lab, one of the world’s leading anti-virus software companies, which was founded in 1997 and now counts over 400 million global customers.

Federal contracting databases reviewed by Reuters show only a few hundred thousand dollars in purchases from Kaspersky, and an employee told Reuters in July the company’s federal government revenue was “miniscule.”

But Kaspersky also sells to federal contractors and third-party software companies that incorporate its technology in their products, so its technology may be more widely used in government than it appears from the contracting databases, U.S. officials say.

Kaspersky has never succeeded in becoming a major supplier to the US government. While Eugene Kaspersky (photo) – the CEO of the company, described to BBC news the revenue his firm earns from the US government as „close to zero”, the wider US market accounts for about a quarter of Kaspersky’s sales.

Eugene Kaspersky, the company’s co-founder and chief executive, attended a KGB school, and the company has acknowledged doing work for the Russian intelligence agency known as the FSB. But he has adamantly denied charges his company conducts espionage on behalf of the Russian government.

Source: Bloomberg