Kaspersky banned from US govt systems


By Jonathan Nally
Thursday, 14 September, 2017


Kaspersky banned from US govt systems

The US Department of Homeland Security (DHS) has given US government agencies and departments just 90 days to remove all Kaspersky Labs products from their systems.

The Binding Operational Directive, issued on 13 September by Acting Secretary of Homeland Security Elaine Duke, tasks “departments and agencies to take actions related to the use or presence of information security products, solutions, and services supplied directly or indirectly by AO Kaspersky Lab or related entities”.

The directive calls for “departments and agencies to identify any use or presence of Kaspersky products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days from the date of this directive, unless directed otherwise by DHS based on new information, to begin to implement the agency plans to discontinue use and remove the products from information systems”.

The DHS cited “information security risks presented by the use of Kaspersky products on federal information systems”, specifically:

  • Antivirus products and solutions that provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems.
  • Concern about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.
  • The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalise on access provided by Kaspersky products to compromise federal information and information systems.

The DHS said that while the action involves products of a Russian-owned and operated company, “the Department will take appropriate action related to the products of any company that present a security risk based on DHS’s internal risk management and assessment process”.

The DHS has given Kaspersky the opportunity to submit a written response addressing the concerns or to mitigate those concerns.

Pictured: Eugene Kaspersky, courtesy Kaspersky Lab.

Follow us and share on Twitter and Facebook

Related Articles

Nation-state actors have their sights on the cloud

Prioritising the protection of credentials and adopting robust security measures can better...

Combating financial crime with AI

Rapid digital transformation across Australia and New Zealand has provided cybercriminals with...

Learning from the LockBit takedown

An international taskforce has seized the darknet sites run by LockBit, but relying on law...


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd