DHS directs government agencies to scrub systems for Russian company's software

U.S. officials have expressed growing concern about Kaspersky Lab.

ByABC News
September 13, 2017, 3:02 PM

— -- The Department of Homeland Security is directing all 430 departments, agencies and offices comprising the U.S. government to scrub their systems for any software made by Kaspersky Lab, a world-renowned cybersecurity firm based in Moscow that U.S. officials increasingly allege has ties to the Russian government.

"This action is based on the information security risks presented by the use of Kaspersky products on federal information systems," DHS said in a statement today. "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security."

This is one of the U.S. government’s most significant steps yet amid concerns that the Kremlin could try to use Kaspersky Lab software – embedded in homes, businesses and government systems across the United States – to spy on Americans, steal sensitive files or attack critical infrastructure.

"After careful consideration of available information and consultation with interagency partners, Acting Secretary of Homeland Security Elaine Duke today issued a Binding Operational Directive (BOD) directing Federal Executive Branch departments and agencies to ... identify any use or presence of Kaspersky products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days from the date of this directive, unless directed otherwise by DHS based on new information, to begin to implement the agency plans to discontinue use and remove the products from information systems," DHS said in a press release today.

Kaspersky Lab responded in a statement today, saying, "Given that Kaspersky Lab doesn't have inappropriate ties with any government, the company is disappointed with the decision by the U.S. Department of Homeland Security (DHS), but also is grateful for the opportunity to provide additional information to the agency in order to confirm that these allegations are completely unfounded. No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions."

The DHS decision comes on the same day that Sen. Amy Klobuchar, D-Minn., sent a letter to DHS Acting Secretary Elaine Duke, demanding information on the U.S. government's use of Kaspersky Lab software.

"While our intelligence agencies may not use Kaspersky software, other federal agencies do ... [and] it is alarming that essential U.S. government agencies do," Klobuchar wrote. "This is especially concerning because the Russian government is actively trying to undermine our democracy."

In particular, Klobuchar wants to know whether DHS uses Kaspersky Lab software on any critical infrastructure, whether DHS has reached out to state agencies about their use of such software, and whether DHS is working to ensure that any software on election-related systems is safe to use.

Kobuchar cited ABC News’ exclusive reporting that DHS issued a secret memorandum about Kaspersky Lab in February.

Two months ago, the Trump administration decided to remove Kaspersky Lab from the U.S. government's list of companies whose products are approved for use on federal systems.

The government list -- known as a schedule -- is maintained by the General Services Administration, and GSA "made the decision to remove Kaspersky Lab-manufactured products" after "review and careful consideration," a GSA spokeswoman said at the time.

As ABC News first reported two weeks ago, Sen. Jeanne Shaheen, D-N.H., is pushing legislation to prohibit the federal government from using products made by Kaspersky Lab, which she said has “extensive ties to Russian intelligence.”

"The Kremlin hacked our presidential election, is waging a cyberwar against our NATO allies and is probing opportunities to use similar tactics against democracies worldwide," she wrote in The New York Times last week. "Why then are federal agencies, local and state governments and millions of Americans unwittingly inviting this threat into their cyber networks and secure spaces?"

Kaspersky Lab has dismissed such concerns as "unfounded conspiracy theories," insisting it poses no threat to customers and has no "bad" ties with the Russian government.

U.S. officials have yet to publicly present any evidence indicating concerning links between Kaspersky Lab employees and elements of the Russian government.

But Shaheen, a key member of the Senate Armed Services Committee, said assessments underlying U.S. officials' concerns are classified, and "it is unacceptable to ignore questions about Kaspersky Lab because the answers are shielded in classified materials."

An ABC News investigation earlier this year found that -- largely through outside vendors -- Kaspersky Lab software has been procured by some segments of the Defense Department, Justice Department, and other federal agencies.

As ABC News previously reported, the FBI launched a counterintelligence investigation of Kaspersky Lab several years ago, and the agency has recently been taking new steps to assess Kaspersky Lab's relationship with Russian intelligence services, including interviewing company employees based in the United States.

Kaspersky Lab CEO Eugene Kaspersky has called U.S. government efforts "extreme."

"Kaspersky Lab is facing one of the most serious challenges to its business yet, given that members of the U.S. government wrongly believe the company or I or both are somehow tied to the Russian government," he recently wrote on his blog. "Basically, it seems that because I'm a self-made entrepreneur who, due to my age and nationality, inevitably was educated during the Soviet era in Russia, they mistakenly conclude my company and I must be bosom buddies with the Russian intelligence agencies ... Yes, it is that absurdly ridiculous."

"Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations," the company said in a statement today. "Kaspersky Lab, a private company, seems to be caught in the middle of a geopolitical fight where each side is attempting to use the company as a pawn in their political game."

In its statement today, DHS said it is "providing an opportunity for Kaspersky to submit a written response addressing the department’s concerns or to mitigate those concerns. ... The department wants to ensure that the company has a full opportunity to inform the Acting Secretary of any evidence, materials, or data that may be relevant."

Related Topics