The Department of Homeland security ordered government agencies to stop using any software products made by Kaspersky Lab. The department cited concern about possible ties between Kaspersky officials and Russian intelligence.
Agencies in the executive branch are expected to begin the process of discontinuing Kaspersky products within 90 days.
According to a DHS statement posted online by Reuters reporter Dan Volz:
The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security... The Department's priority is to ensure the integrity and security of federal information systems.
The order applies to all civilian government networks, but not the military, according to The Washington Post, which first reported the ban. The Defense Department doesn't generally use Kaspersky software in any case, officials there told the newspaper.
The General Services Administration removed Kaspersky from a list of pre-approved technology vendors in July after press reports emerged linking the company to Russian intel.
A Kaspersky Lab spokesperson said in a statement that the company is disappointed in the DHS decision and will provide additional information "to confirm that these allegations are completely unfounded." The statement says that working "inappropriately with any government would be detrimental to the company's bottom line," since 85 percent of revenue comes from outside Russia.
The statement reads in part:
Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia.
Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues.
The company says the reports are based on Russian policies and laws that have been misinterpreted, since they apply to telecoms and ISPs, not Kaspersky.
Congress was briefed on the move just today, and Reuters reports that some lawmakers say they weren't given advance notice.
Senator Jeanne Shaheen (D-N.H.), who been asking for action to be taken against Kaspersky for some time, praised the move. "Applaud DHS for heeding my call to remove all Kaspersky products from federal agencies," the senator said on Twitter. "Kaspersky is a direct threat to national security."
The giant tech and appliance retailer Best Buy removed Kaspersky products from its shelves last week. The Minnesota-based retailer "felt there were too many unanswered questions and so [it] has decided to discontinue selling the products," according to a source who spoke to the Minneapolis Star Tribune.
The federal ban could lead to pressure on state and local governments to ditch Kaspersky products as well.