Biden Administration Bans Kaspersky Antivirus Software
New Updates for Customers Will Become Unavailable on September 29
The U.S. federal government is banning Russian cybersecurity firm Kaspersky Labs from selling antivirus software in the United States, officials announced Thursday, citing significant national security risks.
Department of Commerce officials urged current Kaspersky customers to "immediately find alternatives" after an investigation determined that Russian state hackers could turn the cybersecurity software against their users. The full ban will officially take effect September 29 to allow current customers to replace their antivirus software products.
Commerce Secretary Gina Raimondo said the ban was the result of "the Russian government's continued offensive cyber capabilities and capacities to influence Kaspersky's operations."
"Russia has shown it has the capacity and, even more than that, the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans," Raimondo said. "That's why we are compelled to take the action that we're taking today."
Commerce used powers established under the previous White House administration to fully prohibit Kaspersky and its affiliates, subsidiaries and parent companies from conducting business in the U.S. A 2019 executive order allows the department to block financial transactions with information and communications technology and services providers subject to the jurisdiction of a foreign adversary.
The department is also imposing export licensing restrictions on three Kaspersky business units, adding the company to a blacklist formally known as the Entity List and informally known as the "death penalty."
Commerce has considered broad actions against the Russian cybersecurity giant for years, as experts have said that potential enforcement actions could deal a fatal blow to Kaspersky's North American operations (see: How Much Damage Would US Action Against Kaspersky Inflict?). The U.S. Department of Homeland Security issued a 2017 directive requiring federal agencies to uninstall Kaspersky's software after discovering alleged links to Russian intelligence services.
The Bureau of Industry and Security - the Commerce agency tasked with enforcing limits on exports and transactions with companies considered national security risks - said national security risks surrounding Kaspersky don't stem from whether its products are capable of identifying viruses and other malware, "but whether they can be used strategically to cause harm to the United States."
Risks to the United States include using antivirus software to install malware, exploiting antivirus software's access to the computing kernel to exfiltrate data to Russia and withholding critical malware signature updates to sabotage the effectiveness of its malware detection.
Kaspersky proposed a number of mitigations to federal officials, but the Bureau of Industry and Security rejected them, writing that proposed changes to U.S. operations and staffing did "little to address the risks associated with Russian government control and direction."
A spokesperson for Kaspersky told Information Security Media Group the company "believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services."
"Kaspersky does not engage in activities which threaten U.S. national security," the spokesperson said in a statement, adding that the company "intends to pursue all legally available options to preserve its current operations and relationships."
*Updated 10:15 UTC, June 20 2024: Adds response from Kaspersky labs.