Russian cybersecurity company Kaspersky has been banned from selling its anti-virus software and other cybersecurity products in the United States due to concerns about the company’s ties to the Russian government. The U.S. Department of Commerce made the decision, stating that Kaspersky posed an “undue or unacceptable risk to national security.” The ban applies to Kaspersky Lab, Inc., the U.S. subsidiary of the Moscow-based company.
The Commerce Department’s Bureau of Industry and Security (BIS) determined that Kaspersky was subject to the jurisdiction of the Russian government, meaning it could be forced to comply with information requests from Moscow. This raised concerns that personal information stored on devices with Kaspersky’s software could end up in the hands of Russian authorities. The BIS also found that Kaspersky had the capability to install malicious software on customers’ computers or selectively deny updates, leaving them vulnerable to malware attacks.
Kaspersky responded to the ban by criticizing the Commerce Department for making a decision based on “theoretical concerns” rather than a comprehensive evaluation of the integrity of its products and services. The company argued that it does not engage in activities that threaten U.S. national security and has made significant contributions to protecting U.S. interests and allies.
Despite the ban, Kaspersky will be allowed to continue certain operations in the U.S. until September 29, 2024, including providing anti-virus signature updates and codebase updates. This gives Americans time to find suitable alternatives.
The Commerce Department’s decision comes in the wake of hackers linked to Russia being identified as responsible for a series of attacks on Microsoft corporate email accounts. The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive asking federal agencies to mitigate these attacks. The U.S. government has long documented malicious cyber activity as part of Russia’s playbook.
A report from the Foundation for Defense of Democracies highlighted the threat that nations like Russia and China pose to U.S. critical infrastructure. The report called for the creation of an independent cyberservice for the U.S. military to address these threats.
Kaspersky’s ban raises concerns about the potential transfer of customer data to the Russian government and the vulnerability of American citizens and critical infrastructure to cyberattacks. It also highlights the ongoing need for robust cybersecurity measures and the importance of addressing the growing threat of nation-state actors in cyberspace.
