Kaspersky Denies It Is Security Risk, After US Sales Banned By Biden

Biden Administration bans sales of Kaspersky software in the US due to links to Russia, but Moscow-based firm says it will challenge ban

The United States has banned sales of Kaspersky Lab software in America, after Silicon UK had reported on Thursday that such a move was imminent.

Now the US Department of Commerce’s Bureau of Industry and Security (BIS) announced that “a Final Determination prohibiting Kaspersky Lab, Inc., the US subsidiary of a Russia-based anti-virus software and cybersecurity company, from directly or indirectly providing anti-virus software and cybersecurity products or services in the United States or to US persons.”

The move comes amid US concern about Kaspersky Lab’s large customers in America, including critical infrastructure providers, as well as state and local governments. Officials worry that those customers using Kaspersky software are vulnerable to Russia’s cyber operations.

Kaspersky

Ban, Entity List

According to the BIS, this action is “the first of its kind and is the first Final Determination issued by BIS’s Office of Information and Communications Technology and Services (OICTS).”

“Kaspersky will generally no longer be able to, among other activities, sell its software within the United States or provide updates to software already in use,” according to the official notice.

Kaspersky has a British holding company and US operations in Massachusetts, but BIS said it has added three entities – AO Kaspersky Lab and OOO Kaspersky Group (Russia), and Kaspersky Labs Limited (United Kingdom) – to the Entity List for their co-operation with Russian military and intelligence authorities in support of the Russian Government’s cyber intelligence objectives.

BIS said its Final Determination and Entity Listing are the “result of a lengthy and thorough investigation, which found that the company’s continued operations in the United States presented a national security risk – due to the Russian Government’s offensive cyber capabilities and capacity to influence or direct Kaspersky’s operations – that could not be addressed through mitigation measures short of a total prohibition.”

The US said that individuals and businesses that utilise Kaspersky software are strongly encouraged to expeditiously transition to new vendors. But in an effort to minimise disruption to US consumers and businesses and to give them time to find suitable alternatives.

Kaspersky is therefore allowed to continue certain operations in the United States until 12am on 29 September 2024.

National security

“The Biden-Harris Administration is committed to a whole-of-government approach to protect our national security and out-innovate our adversaries,” said Secretary of Commerce Gina Raimondo.

US Secretary of Commerce Gina M. Raimondo.
Image credit US Government

“Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponise sensitive US information, and we will continue to use every tool at our disposal to safeguard US national security and the American people,” said Raimondo.

“Today’s action, our first use of the Commerce Department’s ICTS authorities, demonstrates Commerce’s role in support of our national defense and shows our adversaries we will not hesitate to act when they use their technology poses a risk to United States and its citizens,” said Raimondo.

Kaspersky response

Kaspersky is based in Moscow, Russia, and has offices in 31 countries, with 270,000 corporate clients globally, and 400 million users. This helped it generate revenue of $752 million in 2022.

Kaspersky for its part has always maintained that it is a private firm with no ties to the Russian government.

The firm has even previously offered its source code for inspection by the US government.

And now it has confirmed in a statement that it will challenge the US action by all possible legal options.

“Kaspersky is aware of the decision by the US Department of Commerce to prohibit the usage of Kaspersky software in the United States,” it said.

“Despite proposing a system in which the security of Kaspersky products could have been independently verified by a trusted 3rd party, Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services,” it addded.

“Kaspersky does not engage in activities which threaten U.S. national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted US interests and allies,” it stated.

“The company intends to pursue all legally available options to preserve its current operations and relationships.”

Western restrictions

Kspersky Lab has been firmly in the crosshairs of Western security agencies and governments for the past seven years now.

In 2017 the Department of Homeland Security banned Kaspersky antivirus from US federal networks, alleging ties to Russian intelligence and warning that Russian law could allow Putin’s intelligence agencies to compel assistance from Kaspersky.

The FBI also reportedly advised a wide range of private firms not to use Kaspersky’s products and some US retailers, such as Best Buy, removed them from shelves.

The same year the UK’s National Cyber Security Centre (NCSC) also warned British government departments not to use antivirus products with links to Russia for systems related to national security and those which were “critically important”.

And then Russia’s President Putin opted to illegally invade Ukraine in February 2022, which according to Reuters, prompted the US government to privately warn American companies that Moscow could manipulate software designed by Kaspersky to cause harm.

In May 2022 the Biden Administration elevated the priority of a national security probe into Kaspersky Lab, amidst heightened fears of cyberattacks due to the conflict in the Ukraine.

In March 2022, following the Ukraine invasion, Germany’s cyber-security authority, the Federal Office for Information Security (BSI), issued an official warning against using Kaspersky products due to threats made by Russia’s President Vladimir Putin against the EU, NATO and Germany.