The federal government needs antivirus and malware protection at least as much as any other large organization, if not more. But now, after first stopping new purchases, and then asking private business to cut ties, the feds are officially blocking any government use of Kaspersky Lab products, citing security concerns over the company’s reported ties to the Kremlin.
The Department of Homeland Security today issued a binding operational directive — that’s an order, to most of us — requiring all federal agencies to excise Kaspersky software from their systems.
Agencies have 30 days to identify if they’re using any Kaspersky products, 60 days to come up with a detailed plan how to stop and switch if they are, and 90 days to begin implementing the plan to give Kaspersky the boot.
“This action is based on the information security risks presented by the use of Kaspersky products on federal information systems,” DHS writes. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
Russia, Russia, Russia
Kaspersky isn’t some new startup. The company has been offering its suite of antivirus and security products in the U.S. for nearly 20 years. They’re generally well-regarded, considered to be at least as good as the competition when it comes to features and price.
But there’s one big factor that’s become a big problem, in this deeply weird modern era we’re all living through: The company and its founder, Eugene Kaspersky, are Russian, and the company and its products have recently come under scrutiny as a result.
Since 2015, several reports have surfaced that Eugene Kaspersky has ties to Russian military intelligence. Any potential vulnerabilities related to using the software stemming from those ties were by and large minimized or ignored, though… until recently.
Another brick in the wall
It’s been a rough summer for Kaspersky.
In May, the Senate Intelligence Committee held a hearing at which the heads of several intelligence agencies told Senators they were monitoring Kaspersky Lab and had concerns about the security of its products.
Then in July, on the heels of a report from Bloomberg Businessweek claiming that Kaspersky — both the company and the man — still had ties to Russian intelligence, the feds removed Kaspersky products from the approved list government agencies can buy from.
In August, that was followed by a report that the FBI was asking private-sector companies to stop buying and using Kaspersky products. Then earlier this week, Best Buy became the first major retailer to pull Kaspersky software from its shelves.