DHS Orders Feds to Dump Software From Russia-Linked Kaspersky Lab

Delia Watkins
September 14, 2017

The US Department for Homeland Security has told government departments and agencies to remove all security software from the Moscow-based company Kaspersky Lab from their IT systems.

"The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security", it said.

One worst-case scenario the DHS outlines is that Russian intelligence agencies might work with Kaspersky officials to extract data from USA systems, using the very software that U.S. government agencies have installed to protect themselves.

"The risk that the Russian government - whether acting on its own or in collaboration with Kaspersky - could capitalize on access provided by Kaspersky products (in order) to compromise federal information and information systems directly implicates US national security", the directive said. A 2012 report from Bloomberg discussed founder Eugene Kaspersky's ties to the Russian FSB and his background in KGB-sponsored cryptography research.

Still, aside from Kaspersky's ties to Russia and the word "cyber", there's no public evidence to show that the company is colluding with Russian intelligence services.

Acting Homeland Security Secretary Elaine Duke gave government offices 90 days to begin to remove and replace the software.

At least a half-dozen federal agencies run Kaspersky on their networks, the US officials said, although there may be other networks where an agency's chief information security officer - the official ultimately responsible for systems security - might not be aware it is being used.

Hurricane Jose lingers in Atlantic, will it head toward US?
Because Hurricane Jose is so far from land, the National Hurricane Center has issued no watches or warnings yet. But forecasters warn that long-term forecasts are often off by hundreds of miles.

At a hearing of the Senate Intelligence Committee in May, six of the USA intelligence community's top officials all said they would not allow the use of Kaspersky software products in their systems. "The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit".

Earlier this year six top intelligence and security officials told a Congressional hearing that they would not use Kaspersky software.

Speaking Wednesday on the sidelines of the Billington CyberSecurity Summit in Washington, he noted that Kaspersky, like other Russian companies, is "bound to comply with the directive of Russian state security services, by law, to share with them information from their servers". Best Buy did not link its decision to US Senator Jeanne Shaheen's attempt to have Kaspersky banned on government computers, but didn't explain it either.

In a statement, Kaspersky Lab said it was "disappointed" with the decision and said it was based on "false allegations and inaccurate assumptions".

The move comes ahead of a vote in the US Senate this week to prohibit use of the company's products by government.

Founder and chief executive Eugene Kaspersky said he has repeatedly offered to present the company's source code to United States officials for an audit, but has not been given the opportunity to do so.

"In fact, the GSA pulled Kaspersky from its list of pre-approved vendors back in July", he said, noting US fears about potential cyber espionage.

Other reports by PlayStation Move reviews

Discuss This Article