U.S. agencies ordered to stop using software
WASHINGTON — The U.S. on Wednesday banned federal agencies from using computer software supplied by Kaspersky Lab because of concerns about the company’s ties to the Kremlin and Russian spy operations.
The directive issued by acting Homeland Security Secretary Elaine Duke comes as various U.S. law enforcement and intelligence agencies and several congressional committees are investigating Russian meddling in the 2016 presidential election.
Kaspersky said in a statement that it was disappointed by the directive and insisted “it does not have unethical ties or affiliations with any government, including Russia.”
Duke directed all U.S. federal agencies and departments to stop using products or services supplied directly or indirectly by the Russian-owned and operated company. The directive gives agencies 30 days to determine whether they are using any Kaspersky products. The software must be removed from all information systems within 90 days.
“The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies,” the directive said. It said the department also is concerned about Russian laws that would permit Russian spy agencies to compel Kaspersky to provide assistance or intercept communications transiting Russian networks.
“The risk that the Russian government — whether acting on its own or in collaboration with Kaspersky — could capitalize on access provided by Kaspersky products (in order) to compromise federal information and information systems directly implicates U.S. national security,” the directive said.
The directive provides Kaspersky an opportunity to respond or mitigate the department’s concerns.
Kaspersky said the company was happy to have an opportunity to provide information to show that the allegations are unfounded.
“No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company,” Kaspersky said.
Kaspersky said it is not subject to the Russian laws cited in the directive and said information received by the company is protected in accordance with legal requirements and stringent industry standards, including encryption.
“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues,” Kaspersky said.
Electronics retailer Best Buy has removed Kaspersky products from its shelves, although it declined to explain why. Amazon, which sells Kaspersky software, declined to comment. Staples and Office Depot, both of which sell the software, didn’t immediately return messages seeking comment.
The chief executive of the software company, Eugene Kaspersky, is a mathematical engineer who attended a KGBsponsored school and once worked for Russia’s Ministry of Defense.