More reports on: World economy

US bars agencies from using Russian Kaspersky Lab products

14 September 2017

The US on Wednesday banned federal agencies from using computer software supplied by Moscow-based cybersecurity firm Kaspersky Lab because of concerns about the company's ties to the Kremlin and Russian spy operations.

The Trump administration told government agencies to remove Kaspersky Lab products from their networks, saying it was concerned the firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardise national security.

The directive, issued by acting Homeland Security Secretary Elaine Duke, comes as various US law enforcement and intelligence agencies and several congressional committees are investigating Russian meddling in the 2016 presidential election.

The decision represents a sharp response to what US intelligence agencies have described as a national security threat posed by Russia in cyberspace, following an election year marred by allegations that Moscow weaponised the internet in an attempt to influence its outcome.

Kaspersky said in a statement that it was disappointed by the directive and insisted ''it does not have unethical ties or affiliations with any government, including Russia''.

''No credible evidence has been presented publicly by anyone or any organisation as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company,'' it said.

Duke directed all US federal agencies and departments to stop using products or services supplied directly or indirectly by the Russian-owned and operated company. The directive gives agencies 30 days to determine whether they are using any Kaspersky products. The software must be removed from all information systems within 90 days.

The order applies only to civilian government agencies and not the Pentagon, but US intelligence leaders said earlier this year that Kaspersky was already generally not allowed on military networks.

''The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies,'' the directive said. It said the department also is concerned about Russian laws that would permit Russian spy agencies to compel Kaspersky to provide assistance or intercept communications transiting Russian networks.

''The risk that the Russian government - whether acting on its own or in collaboration with Kaspersky - could capitalise on access provided by Kaspersky products (in order) to compromise federal information and information systems directly implicates US national security,'' the directive said.

The directive provides Kaspersky an opportunity to respond or mitigate the department's concerns. Kaspersky said the company was happy to have an opportunity to provide information to show that the allegations are unfounded.

Kaspersky said it is not subject to the Russian laws cited in the directive and said information received by the company is protected in accordance with legal requirements and stringent industry standards, including encryption.

''Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it's disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues,'' Kaspersky said.

Rob Joyce, the White House cyber security coordinator, said on Wednesday at the Billington CyberSecurity Summit that the Trump administration made a ''risk-based decision'' to order Kaspersky Lab's products removed from federal agencies.

Asked by Reuters whether there was a smoking gun showing Kaspersky Lab had provided intelligence to the Russian government, Joyce replied, ''As we evaluated the technology, we decided it was a risk we couldn't accept.''

The Associated Press points out that electronics retailer Best Buy has removed Kaspersky products from its shelves, although it declined to explain why. Amazon, which sells Kaspersky software, declined to comment. Staples and Office Depot, both of which sell the software, didn't immediately return AP's messages seeking comment.

The chief executive of the software company, Eugene Kaspersky, is a mathematical engineer who attended a KGB-sponsored school and once worked for Russia's ministry of defence. His critics say it's unlikely that his company could operate independently in Russia, where the economy is dominated by state-owned companies and the power of spy agencies has expanded dramatically under President Vladimir Putin.

At a Senate intelligence committee hearing in May, top US officials were asked whether they would be comfortable with Kaspersky software on their computers.

''No'' was the reply given by then-acting FBI Director Andrew McCabe, CIA Director Mike Pompeo, National Intelligence Director Dan Coats, National Security Agency Director Adm. Mike Rogers, National Geospatial-Intelligence Agency Director Robert Cardillo and Defense Intelligence Agency Director Lt General Vincent Stewart. Democrats on Capitol Hill too applauded the decision.

 search domain-b