open lock (ESB Professional/Shutterstock.com)

DHS orders Kaspersky software removed from agency systems

Federal executive branch agencies must stop using software from Kaspersky Lab.

Citing the potential that Kaspersky Lab products or services could be used by "malicious cyber actors" to gain access to federal IT systems, the Department of Homeland Security has given agencies 30 days to identify Kaspersky software on their systems and 60 days to develop plans to remove it. After 90 days, they must start removing the Kaspersky products, unless instructed otherwise.

DHS said it is concerned that Kaspersky  products "provide broad access to files and elevated privileges on the computers on which the software is installed, " which could be used to compromise those systems. Additionally it cited concerns about "ties between certain Kaspersky officials and Russian intelligence and other government agencies" and that Russian laws could compel the company to assist Russian intelligence agencies to intercept communications traveling over Russian networks.

"The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security," DHS said.

For months, U.S. government officials and members of Congress have been expressing alarm and concern about Russian-based cyber firm Kaspersky Lab. In July, Kaspersky Lab was removed from two governmentwide contract vehicles: General Services Administration's Schedule 70 contract and NASA's SEWP vehicle. Later that same month, the House Science, Space and Technology committee sent a letter asking cabinet agencies and departments for any records they have related to the purchase or use of Kaspersky Lab products.

The Sept. 13 release said that DHS is providing the company an opportunity to submit a written response to address the department's concerns. Though military and intelligence officials as well as members of Congress have gone on record expressing their concerns or doubts about the company, the government has yet to release or make public any evidence that would prove or suggest Kaspersky Lab products have been compromised by Russian intelligence agencies. The government has also not clarified whether it is relying on classified information or other sources to reach its conclusions .

Kaspersky Lab founder Eugene Kaspersky has denied allegations that his company is conducting espionage on behalf of Russia and said the U.S. government lacks evidence to justify the move.

In a Sept. 13 statement attributable to Kaspersky Lab, the company said it was "disappointed" by the DHS order, but "grateful for the opportunity to provide additional information to the agency in order to confirm that these allegations are completely unfounded." The statement also argued that DHS was misinterpreting Russian law when it made its determination.

Few agencies use Kaspersky products on a stand-alone basis, but they are embedded into computers, mobile devices and routers widely used in the government and the private sector.

The National Institute of Standards and Technology released a set of metadata and file hashes for systems administrators and IT workers to use to identify Kaspersky applications in support of the DHS directive.

A longer version of this article was first posted to FCW, a sibling site to GCN.

About the Author

Derek B. Johnson is a staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


inside gcn

  • IoT security

    A 'seal of approval' for IoT security?

Reader Comments

Fri, Sep 15, 2017 DrK

I sincerely hope that all of Kaspersky's software was removed long before it was announced publicly. If not it would be a great time to set off a cyber attack before systems have software removed.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group