US bans Russian cybersecurity software amid threat of influence operation

Concerns about Kaspersky were raised as far back as 2017.

June 20, 2024, 4:16 PM

The Biden administration is issuing a total ban on the use of a Russian-backed cybersecurity software in the United States due to the Russian government's alleged influence operations over the software, the U.S. Commerce Department announced on Thursday.

Kaspersky Lab's software has been a concern of U.S. government officials since at least 2017. Under Russian law, their government has total access to Kaspersky systems and therefore has access to the data of all of its customers, U.S. officials say.

"Russia has shown it has the capacity, and even more than that, the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans," Commerce Secretary Gina Raimondo told reporters on a call on Thursday.

Raimondo said the Commerce Department's Bureau of Industry and Security was able to ban Kaspersky under its new authorities.

PHOTO: Commerce Secretary Gina Raimondo speaks at the Mackinac Policy Conference in Mackinac Island, Mich., May 30, 2024.
Commerce Secretary Gina Raimondo speaks at the Mackinac Policy Conference in Mackinac Island, Mich., May 30, 2024.
Andrew Roth/Sipa USA via AP

Kaspersky "has long raised national security concerns" and it was banned from several government systems as far back as 2017, Raimondo said. She added that "while we've been exploring every option at our disposal, we ultimately decided that given the Russian government's continued offensive cyber capabilities and capacity to influence Kaspersky's operations, that we had to take the significant measure of a full prohibition if we're going to protect Americans and their personal data."

After July 20, Kaspersky is prohibited from entering into any new agreements inside the U.S. under the new ban. Kaspersky can provide existing customers with cyber and antivirus software until Sept. 29, but after that "Kaspersky will not be able to provide security updates." Software services will "degrade," the rule says.

PHOTO: Kaspersky has opened a new Transparency Centre on October 04, 2022 in Utrecht, Netherlands.
Kaspersky has opened a new Transparency Centre on October 04, 2022 in Utrecht, Netherlands.
Patrick Van Katwijk/Getty Images

Raimondo said she wanted to make clear that Americans and U.S. businesses who continue to use existing Kaspersky products will not be breaking the law, but they will not be able to update their products as of Sept. 30. "I would encourage you in the strongest possible terms to immediately stop using that software and switch to an alternative in order to protect yourself, your data, and your family," the commerce secretary said.

Homeland Security Secretary Alejandro Mayorkas, whose Department has a robust cyber agency, said in a statement Americans need to know they can rely on the safety of their devices.

“The actions taken today are vital to our national security and will better protect the personal information and privacy of many Americans," Mayorkas said. "We will continue to work with the Department of Commerce, state and local officials, and critical infrastructure operators to protect our nation’s most vital systems and assets.”

ABC News previously reported on the government's concerns about Kaspersky. The head of Kaspersky Lab, Eugene Kaspersky, at the time denied Russia's influence on the software company.

In an interview with ABC News in 2017, Kapersky called U.S. government warnings about his company "wrong advice" and said that "rumors about our partnership with government agencies [are] false."