DHS Orders Removal Of Kaspersky Cyber Security Software

September 13, 2017, Three months after the General Services Administration removed Kaspersky Lab from a list of approved federal  vendors, Homeland Security is banning the Russian security software maker outright. In a statement on Wednesday, DHS Acting Secretary Elaine Duke directed all Executive Branch agencies and departments to identify over the next 30 days any Kaspersky products being used, make a plan in the next 60 days to eliminate their use and begin that discontinuation within 90 days.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” DHS said in its directive. On that issue:

From the New York Times

Kaspersky is considered one of the foremost cybersecurity research firms in the world, and has considerable expertise in designing antivirus software and tools to uncover spyware used by Western intelligence services. The company was founded by Eugene V. Kaspersky, who attended a high school that trained Russian spies, and later wrote software for the Soviet Army before going on to found Kaspersky Lab in 1997. He has insisted that neither he nor his company have active ties to the Russian military or intelligence services

From Washington Post

The U.S. intelligence community has long assessed that Kaspersky has ties to the Russian government. The company’s founder, Eugene Kaspersky, graduated from a KGB-supported cryptography school and had worked in Russian military intelligence.

The DHS Directive goes on to say, “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

DHS states that it will allow Kaspersky and “any other entity that claims its commercial interests will be directly impacted” to submit a written argument along with any evidence or data that could offset the U.S. government’s concerns.

While the new steps from DHS are a strong statement on its suspicions, the truth is murkier. Given the controversy over Kaspersky’s rumored but never clearly substantiated closeness with Russian intelligence, the move might just be erring on the side of caution. Still, to purge Kaspersky products altogether in such a public way sends a strong message, but who the message is to or what if anything it’s actually rooted in remains far from clear.

2 Comments on "DHS Orders Removal Of Kaspersky Cyber Security Software"

  1. The Oracle of Tucson | September 14, 2017 at 1:15 am |

    This year’s biggest understatement is:
    “Kaspersky, could capitalize”. So who’s bright idea was it to let the Russians have access to our national computers while claiming to be protecting them?
    Only in America…

    The Oracle

  2. Meanwhile the government continues
    to purchase hardware from Chinese
    companies with multiple verified
    hardware back doors and vulnerabilities.

    [laptops, cell phones, computer routers]
    Lenovo, Huawei and ZTE are just a few that
    pop to mind immediately.
    just one example:

Comments are closed.