US Government Ban on Kaspersky FormalizedFinal Rule Includes Ban on Government Contractors Using Russian Firm's Products
A final rule published in the Federal Register Tuesday officially bans U.S. government agencies and their their contractors from buying or supporting Kaspersky security products.
See Also: The Power and Scale of XDR
The rule to ban Kaspersky formally carries out a provision in the 2018 National Defense Authorization Act that bars all civilian and military agencies from using software products from Kaspersky, formerly known as Kaspersky Lab (see: New Law Bans Kaspersky AV Software From Federal Computers). The new rule replaces an interim rule that had been in place for several months.
The final version of the rule spells out that contractors conducting business with the U.S. government cannot use Kaspersky. "Contracting officers shall not purchase any hardware, software or services developed or provided by Kaspersky Lab that the government will use on or after Oct. 1, 2018," the rule states.
For several years, U.S. politicians, including Sen. Jeanne Shaheen, D-N.H., have expressed concerns that Kaspersky executives – some of whom are former Russian intelligence officers – have close ties to the Russian government. The Russian-based company has argued that no evidence linking it to the Russian government or cyberespionage has ever been produced.
Although the Kaspersky ban was formalized Tuesday, government agencies, including the Department of Homeland Security, started removing the company's products and services in 2017.
Alan Chvotkin, executive vice president and counsel for the Professional Services Council, a trade group representing federal contractors, tells NextGov that the newly issued final rule is designed to make sure all agencies and contractors remove Kaspersky products from their systems or face a penalty.
As it has since questions first came up about its products, Kaspersky denies any wrongdoing.
"Kaspersky maintains that the statutory provisions underlying the now final rule, Sections 1634 (a) and (b) of the National Defense Authorization Act for Fiscal Year 2018, were unconstitutional, were based on unsubstantiated allegations, and lacked any public evidence of wrongdoing by the company," a company spokesperson tells Information Security Media Group. "Through its global transparency initiative, Kaspersky continues to demonstrate its ongoing commitment to assuring the integrity and trustworthiness of its products and the protection of its users' data."
Earlier, the company filed a series of lawsuits against the U.S. government, claiming that the decision that the led to the ban in the National Defense Authorization Act lacked due process. Kaspersky argued that it had a right to an impartial hearing before a judge and that the government's actions had damaged its reputation.
Those lawsuits were dismissed in May 2018 (see: Kaspersky Lawsuits Seeking to End Government Ban Dismissed).
Meanwhile, Chinese telecommunications giant Huawei is fighting a U.S. ban against government agencies using its products (see: Huawei Takes New Legal Step to Fight US Ban).