The US government has banned the use of Kaspersky anti-virus products on all government computers after what it says ”careful consideration of available information and consultation with interagency partners.”
The statement issued by the Department of Homeland Security directed all Federal Executive Branch departments and agencies to take actions related to the use or presence of information security products, solutions, and services supplied directly or indirectly by AO Kaspersky Lab or related entities.
“The BOD calls on departments and agencies to identify any use or presence of Kaspersky products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days from the date of this directive, unless directed otherwise by DHS based on new information, to begin to implement the agency plans to discontinue use and remove the products from information systems,” said the directive.
The directive claimed it founded that Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems.
The Department said it was concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.
“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” said the directive.
The Department said it’s priority is to ensure the integrity and security of federal information systems reducing potential vulnerabilities, protecting against cyber intrusions, and anticipating future threats.
Kaspersky has been given an opportunity to submit a written response addressing the Department’s concerns or to mitigate those concerns.