Orders purge amid concern about Kremlin influence. The Trump administration has told United States government agencies to remove Kaspersky Lab products from their IT systems, saying it was concerned the Moscow-based cyber security firm is vulnerable to Kremlin influence.
The decision represents a sharp response to what US intelligence agencies have described as a national security threat posed by Russia in cyberspace.
It follows an election marred by allegations that Moscow weaponised the internet in an attempt to influence its outcome.
The Department of Homeland Security issued a directive to federal agencies ordering them to identify Kaspersky products on their information systems within 30 days, develop plans to remove products within 60 days, and begin to discontinue their use within 90 days.
“The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” DHS said in a statement.
Kaspersky did not immediately respond to a request for comment.
The company has repeatedly denied that it has ties to any government and said it would not help a government with cyber espionage. It said there is no evidence for accusations by US officials and lawmakers that its antivirus software may be used to provide espionage services to the Kremlin.
The decision by the Trump administration comes as the US senate prepares to vote on a defence policy spending bill that includes language that would ban Kaspersky Lab products from being used by government agencies.
Democratic senator Jeanne Shaheen, who had led efforts in Congress to crack down on Kaspersky Lab, applauded the Trump administration’s announcement.
“The strong ties between Kaspersky Lab and the Kremlin are alarming and well-documented,” Shaheen said, adding that she expected Congress to act soon to reinforce the decision by passing legislation.
Eugene Kaspersky, the company’s co-founder and chief executive, attended a KGB school, and the company has acknowledged doing work for the Russian intelligence agency known as the FSB. But he has adamantly denied charges his company conducts espionage on behalf of the Russian government.
Rob Joyce, the White House cyber security coordinator, said the Trump administration had made a “risk-based decision” to order Kaspersky Lab’s products removed from federal agencies.
Asked by Reuters whether there was a smoking gun showing Kaspersky had provided intelligence to the Russian government, Joyce replied: “As we evaluated the technology, we decided it was a risk we couldn’t accept”.
The direct financial impact of the decision will likely by minimal for Kaspersky Lab, one of the world’s leading antivirus software companies, which now counts over 400 million global customers.
Federal contracting databases show only a few hundred thousand dollars in purchases from Kaspersky, and an employee in July said the company’s federal government revenue was “miniscule.”
However, Kaspersky also sells to federal contractors and third-party software companies that incorporate its technology in their products, so its technology may be more widely used in government than it appears from the contracting databases, officials say.