US Bans Kaspersky Antivirus Software, Citing Russian Influence
Authored by Naveen Athrappully via The Epoch Times,
The U.S. Department of Commerce banned Russian company Kaspersky from selling its anti-virus software and other cybersecurity products in the country after determining that the firm posed an “undue or unacceptable risk to national security.”
“Kaspersky will generally no longer be able to, among other activities, sell its software within the United States or provide updates to software already in use,” the Commerce Department’s Bureau of Industry and Security (BIS) said in a June 20 press release.
The prohibition is applicable to Kaspersky Lab, Inc., the U.S. subsidiary of Moscow-based Kaspersky Lab. The company’s operations were deemed to be risky to the United States “due to the Russian Government’s offensive cyber capabilities and capacity to influence or direct Kaspersky’s operations.”
Such risks could not be dealt with simply through mitigation strategies, which made a total prohibition the only choice left to ensure national interests remain protected, the BIS stated.
Specifically, the BIS determined that Kaspersky was subject to the Russian government’s jurisdiction, which forces it to comply with information requests from Moscow. This could lead to personal information stored on devices with the company’s anti-virus software getting into the hands of Russian authorities.
“Kaspersky has broad access to, and administrative privileges over, customer information through the provision of cybersecurity and anti-virus software. Kaspersky employees could potentially transfer U.S. customer data to Russia, where it would be accessible to the Russian Government under Russian law,” the BIS said.
Commenting on the U.S. ban, the company criticized the Commerce Department for having made a decision based on “present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services.
“Kaspersky does not engage in activities which threaten U.S. national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted U.S. interests and allies.”
The BIS found that Kaspersky also has the power to install malicious software on its customer’s computers or to selectively deny updates. This could leave American citizens and U.S. critical infrastructure vulnerable to malware attacks, the BIS said.
Kaspersky’s software is also integrated into third-party products and services. As such, people who use such third-party products could unknowingly introduce Kaspersky’s programs into their devices or networks, thus potentially compromising their personal data, BIS stated.
Kaspersky said it has implemented “significant transparency measures” to ensure the company’s trustworthiness. Such measures are “unmatched” by any of the company’s peers in the cybersecurity industry.
The Commerce Department’s ban “unfairly ignores the evidence,” the company said.
“The company intends to pursue all legally available options to preserve its current operations and relationships,” Kaspersky said. “The decision does not affect the company’s ability to sell and promote cyber threat intelligence offerings and/or trainings in the U.S.”
Russian Cyber Threat
To minimize the fallout resulting from banning Kaspersky software, the Commerce Department will allow the company to continue certain operations in the country until 12:00 a.m. ET on Sept. 29, 2024.
Such operations include providing anti-virus signature updates and codebase updates. The agency claims this gives Americans enough time to find suitable alternatives.
“Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive U.S. information, and we will continue to use every tool at our disposal to safeguard U.S. national security and the American people,” said Secretary of Commerce Gina Raimondo.
According to the BIS, Kaspersky Labs Limited from the United Kingdom as well as AO Kaspersky Lab and OOO Kaspersky Group from Russia have been added to the Entity List “for their cooperation with Russian military and intelligence authorities in support of the Russian Government’s cyber intelligence objectives.”
Companies in the Entity List are subjected to export restrictions and licensing requirements for certain technologies and products.
The Commerce Department’s decision comes after hackers linked to Russia were identified as being responsible for a series of attacks on Microsoft corporate email accounts.
In April, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive that asked federal agencies to take necessary steps to mitigate Midnight Blizzard, a Russian state-sponsored actor that accessed the email accounts.
Jen Easterly, director of CISA, said the “U.S. government has documented malicious cyber activity as a standard part of the Russian playbook” for several years, “This latest compromise of Microsoft adds to their long list.”
A March 25 report from the Foundation for Defense of Democracies (FDD) pointed out that nations like Russia and China pose a serious threat to U.S. critical infrastructure. In the face of these threats, America’s cyber force generation system is “clearly broken,” it said.
The report called for the creation of an independent cyberservice for the U.S. military alongside the Army, Air Force, Navy, Marine Corps, Coast Guard, and Space Force.
The Epoch Times reached out to the Russian Embassy for comment on the Kaspersky ban.