The Trump administration on Wednesday told US government agencies to remove Kaspersky Lab products from their information systems, saying it was concerned the Moscow-based cyber security firm was vulnerable to Kremlin influence. They must identify any use of Kaspersky products within 30 days, develop a plan to remove them within 60 days and discontinue using the services within 90 days.
The decision was made after the GSA raised concerns about a vulnerability in Kaspersky that could provide the Russian government backdoor access to systems running the security firm's products.
Minnesota Sen. Amy Klobuchar, the ranking Democrat on the Senate Rules Committee, sent a letter to Duke asking the department for information about the government's use of Kaspersky products, especially on critical infrastructure and election systems. Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems. Kaspersky has been under suspicion for cyberespionage for several months now, especially due to its ties to the Russian government and the fact that the company is required under Russian law to comply with Russian intelligence agency requests.
"Given that US government sales have not been a significant part of the company's activity in North America, Kaspersky Lab is exploring opportunities to better optimize the Washington D.C. office responsible for threat intelligence offerings to USA government entities", a Kaspersky spokeswoman said in a statement to Reuters. According to the company, American officials have misinterpreted Russian law.
It said it was not a telecoms provider and so not subject to the Russian laws Duke referred to on cooperation with the government.
"No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company", Kaspersky said.
Earlier this year six top intelligence and security officials told a Congressional hearing that they would not use Kaspersky software.
Kaspersky has long denied that his company, one of Russia's most successful technology companies, has connections to Russian intelligence agencies.
The Department of Homeland Security said Wednesday that Kaspersky could give a written response to the ban to address the department's concerns.
The company's cyber-security software is widely used in the United States, and its billionaire owner, Eugene Kaspersky, has close ties to some Russian intelligence figures, according to US officials. "The company looks forward to working with DHS, as Kaspersky Lab ardently believes a deeper examination of the company will substantiate that these allegations are without merit", the statement said.
"No" was the reply given by then-acting FBI Director Andrew McCabe, CIA Director Mike Pompeo, National Intelligence Director Dan Coats, National Security Agency Director Adm. Mike Rogers, National Geospatial-Intelligence Agency Director Robert Cardillo and Defense Intelligence Agency Director Lt. Gen. Vincent Stewart.
The federal ban could lead to pressure on state and local governments to ditch Kaspersky products as well.