The Trump Administration has ordered federal agencies to remove Kaspersky Lab products from government computers over concerns the Moscow-based cybersecurity software company might be vulnerable to Russian government influence.
All federal departments and agencies have 30 days to identify any Kaspersky products in use on their networks, according to a binding directive issued on Wednesday by Acting Secretary of Homeland Security Elaine Duke. The departments have another 60 days to begin removal of the software, which the DHS worries might pose a security risk due to connections the company has to the Russian government.
DHS “is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the department said in a statement.
“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security,” the department said.
Kaspersky rejected the allegations, saying in a statement it “doesn’t have inappropriate ties with any government, which is why no credible evidence has been presented publicly by anyone or any organization to back up the false allegations made against the company.”
The company went on to say Russian law requiring data sharing is being misinterpreted by some and doesn’t apply to the company.
“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues,” Kaspersky said, adding it looked forward to working with the DHS to prove the allegations are “without merit.”
A day later, Eugene Kaspersky, co-founder and CEO of the company, said he wanted to testify in front of a US Congressional committee along with other cybersecurity experts on Sept. 27. He said his participation would hinge on if he could make travel arrangements in time.
“I appreciate and accept the invitation to testify before the U.S. House of Representatives Committee on Science, Space, and Technology,” he said in a statement emailed to CNET. “If I can get an expedited visa, I look forward to publicly addressing the allegations about my company and its products.”
Cybersecurity has become a hot topic in Washington as concerns have mounted over email leaks during the 2016 presidential election campaign and reports of Russian online meddling, as well as breaches at government agencies and in the business world. In May, President Donald Trump signed an executive order on cybersecurity that calls for US government agencies to modernize and strengthen their computer systems.
Similar bans against US government use of Kasperksy products have been suggested before. In June, aprohibiting the US military from using the company’s products was reportedly included in the Senate’s draft of the Department of Defense’s budget rules.