US President Donald Trump has signed the bill that bans the use of Kaspersky antivirus on government computers following concerns that software developed by the Moscow-based security vendor could be used for cyber-espionage.
Described as a “grave risk to US national security” by Democratic Senator Jeanne Shaheen, Kaspersky software was originally banned on computers used by select agencies, including the Department of Defense, earlier this year.
“The case against Kaspersky is well-documented and deeply concerning. This law is long overdue, and I appreciate the urgency of my bipartisan colleagues on the Senate Armed Services Committee to remove this threat from government systems,” Shaheen said.
Detailed in the Fiscal Year 2018 National Defense Authorization Act (NDAA), the Kaspersky ban comes without any public evidence that the Russian-based vendor indeed has ties with Russian intelligence, claims that the company itself denied on several occasions.
Section 1634 of the NDAA states the following:
SEC. 1634. Prohibition on use of products and services developed or provided by Kaspersky Lab.
(a) Prohibition.—No department, agency, organization, or other element of the Federal Government may use, whether directly or through work with or on behalf of another department, agency, organization, or element of the Federal Government, any hardware, software, or services developed or provided, in whole or in part, by—
(1) Kaspersky Lab (or any successor entity);
(2) any entity that controls, is controlled by, or is under common control with Kaspersky Lab; or
(3) any entity of which Kaspersky Lab has majority ownership.
(b) Effective date.—The prohibition in subsection (a) shall take effect on October 1, 2018.
"Kaspersky offered source code for review"
In a statement released this week, Kaspersky says the ban comes purely as a result of its headquarters being located in Russia.
“Congress singled out Kaspersky Lab based solely on the location of its headquarters, resulting in substantial and irreparable harm to the company, its US-based employees, and its US-based business partners,” the company said. “Kaspersky Lab is assessing whether any further action is appropriate to protect its interests.”
Kaspersky offered to work with the US government and provide access to its source code of its antivirus engine and software updates, but the White House administration said these steps aren’t enough to guarantee the security vendor isn’t working with Kremlin authorities for cyber-espionage.
The Russian company is also facing similar claims in the United Kingdom where authorities are recommending against using Kaspersky antivirus on government computers, also due to possible ties with Kremlin.