The Trump administration has issued an outright ban on security software from Kaspersky Lab, months after the Russian firm was removed from a list of approved vendors.
The US acting secretary of homeland security, Elaine Duke, yesterday (13 September) issued a directive requiring federal executive branch departments and agencies to identify Kaspersky Lab products over the next 30 days, and make a plan to eliminate their use within 60 days. The discontinuation of use must commence within 90 days of the directive’s issuance.
The concerns of the US government around the use of Kaspersky Lab security software previously came to a head in July of this year, when Reuters reported that the administration of US president Donald Trump had removed the Moscow-based company from two lists of approved vendors that government agencies were permitted to use.
‘No credible evidence has been presented publicly by anyone or any organisation, as the accusations are based on false allegations and inaccurate assumptions’
– EUGENE KASPERSKY
Kaspersky Lab and the Kremlin
Concerns around the Kremlin using the firm’s products to gain entry into US networks were cited as the reason for the move. In July, Kaspersky Lab was adamant in its denial of links with the Russian government.
The directive stated: “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalise on access provided by Kaspersky Lab products to compromise federal information and information systems directly implicates US national security.”
In a statement issued by the Russian embassy in New York, officials warned that the ban would only escalate tensions between the two countries.“These steps can only evoke regrets. They only move back the prospects of bilateral ties recovery.”
‘No credible evidence’
The company made a lengthy statement in its defence, expressing disappointment at the US administration’s actions, but maintaining it “is grateful for the opportunity to provide additional information to the agency in order to confirm that these allegations are completely unfounded”.
“No credible evidence has been presented publicly by anyone or any organisation as the accusations are based on false allegations and inaccurate assumptions, including the claims about Russian regulations and policies impacting the company.”
Kaspersky Lab made the point that the majority of its revenue streams exist outside of Russia, noting that unethical behaviour in collaboration with any government would be a disaster for its bottom line.
There were no minced words in the statement, with the company expressing concern that issues between the two nations meant, in its view, “that a private company can be considered guilty until proven innocent”.
CEO Eugene Kaspersky added: “No credible evidence has been presented publicly by anyone or any organisation, as the accusations are based on false allegations and inaccurate assumptions.”
It will take some time to tease out whether the US claims have any basis, or if Kaspersky Lab is simply tangled up in a geopolitical conflict between two major world powers.
As it stands, it has put a spanner in the works of Eugene Kaspersky’s plans to pivot from selling mainly consumer software to North Americans, to becoming a major player for US government bodies’ security needs.