The US Department of Homeland Security (DHS) on Wednesday directed federal departments and agencies to remove Kaspersky Lab products from their information systems.
“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies,” Xinhua quoted the DHS as saying.
The US department also expressed concerns that under Russian laws, Kaspersky could be requested or compelled to help Russian intelligence agencies to intercept communications transiting Russian networks.
“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalise on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security,” it said.
The department’s Binding Operational Directive was issued “after careful consideration of available information and consultation with interagency partners,” the DHS said.
Under the directive, all federal departments and agencies will have 30 days to identify Kaspersky products used on their information systems, 60 days to develop detailed plans to remove them, and then begin discontinuing their use within 90 days.
The DHS said it will provide an opportunity for Kaspersky to submit a written response addressing the Department’s concerns.
Kaspersky, founded in 1997 and headquartered in Moscow, is now one of the world’s leading cyber security firms.
Currently, Kaspersky has three operational offices in North America and plans to open three more in 2018, but the US government sales “have not been a significant part of the company’s activity” in the region, it said Tuesday.
In response to Wednesday’s directive from the DHS, Kaspersky said it does not have “inappropriate ties” with any government and is “disappointed” with the US government decision.
“No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company,” the company was quoted as saying.
Kaspersky said the Russian laws are being misinterpreted as they are only applicable to telecom companies and Internet Service Providers but the company does not provide communication services and therefore is not subject to these laws.