The federal government on Wednesday banned the use of an internationally popular brand of Russian-made security software over concerns that its manufacturer has ties to the country's spy service and the software could present a threat to national security.
The Department of Homeland Security gave federal offices 90 days to eliminate any software manufactured by Kaspersky Lab from their information systems.
“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” Acting Homeland Security Secretary Elaine Duke said in a statement. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
Concerns about Kaspersky, a leading global seller of anti-virus programs, have been circulating for some time. They have taken on a new urgency amid the investigation into Russia’s meddling in the 2016 presidential election.
McClatchy reported in July that documents it viewed appeared to show a link between Kaspersky and the Russian Security Service, the spy agency known as the FSB.
The General Services Administration, which oversees federal purchasing, has already cut the Russian software firm from its list of approved vendors. The retail giant Best Buy has said it would stop selling company’s software. The FBI warned industry leaders about potential risks of using Kaspersky products last year.
On Twitter, company founder Eugene Kaspersky said that allegations of “inappropriate ties” to the Russian government were “unfounded.”
“No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including the claims about Russian regulations and policies impacting the company,” he tweeted.
Eugene Kaspersky, the CEO, studied cryptography, programming and mathematics at an academy operated by the KGB, the FSB’s Soviet-era predecessor, then worked for the Ministry of Defense. He established the company, the largest software vendor in Europe, 20 years ago.
The federal order banning its products only affects civilian federal agencies. The software is not widely used in the Defense Department and the military. Some government networks might not know they are using the software because of subcontracting. Many state and local governments use the software as well.
Several lawmakers have been sounding alarms about Kaspersky for months. Democratic Sen. Jeanne Shaheen of New Hampshire has push legislation that would ban the company’s products government-wide.
“I applaud the Trump administration for heeding my call to remove Kaspersky Lab software from all federal agencies,” she said in a statement.. “The strong ties between Kaspersky Lab and the Kremlin are very alarming and well-documented. Today’s announcement is a significant step forward in removing this national security vulnerability from federal computer systems.”
Republican Rep. Will Hurd of Texas, a former CIA case officer and member of the House Intelligence Committee, brushed off concerns that Russia might retaliate for the Kaspersky decision.
“We need to defend our own digital infrastructure," said Hurd, while attending the Billington CyberSecurity Summit in Washington Wednesday. “I trust the national security staff to make these decisions on actual threats.”
Tim Johnson contributed to this story.