ZDNet reported last week that the US Dept. of Homeland Security (DHS) has issued a binding operational directive to all federal agencies, ordering them to cease using Kaspersky Lab software within 90 days over concerns with the Russian-based company's ties to the Kremlin.
DHS has given federal agencies 30 days to identify Kaspersky Lab products on their networks and an order to remove and discontinue present and future use of the products in the following 60 days.
DHS said, "Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems."
According to DHS, there are requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky Lab and to intercept communications transiting Russian networks. "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky Lab products to compromise federal information and information systems directly implicates US national security," the department continued.
DHS will let Kaspersky submit a written response addressing the department's concerns. Reuters reports that Kaspersky has already rejected the allegations regarding espionage.
There doesn't appear to be any credible evidence against Kaspersky thus far. While I understand the concern surrounding the use of Kaspersky, it is a pity in many ways. Kaspersky Lab produces first class software and is often the first on the block to discover and report new threats and ways to protect against them.
E-mail: email@example.com Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology