Biden administration bans Kaspersky software over security concerns
Commerce secretary Gina Raimondo highlighted threats to critical infrastructure, while Kaspersky plans legal action.
The Biden administration has announced plans to prohibit the sale of Kaspersky Lab's antivirus software in the US.
The significant move to bolster national security, it said, highlights concerns over potential Russian government influence on the company, which could lead to cybersecurity vulnerabilities.
Commerce secretary Gina Raimondo highlighted the heightened security risks posed by Kaspersky software, which has deep access to users' computer systems. This access could be exploited to steal sensitive information, install malware, or withhold critical updates. These concerns are particularly acute given that Kaspersky's customer base includes critical infrastructure providers and various state and local government entities.
"Russia has shown it has the capacity and the intent to exploit Russian companies like Kaspersky to collect and weaponise the personal information of Americans and that is why we are compelled to take the action that we are taking today," Raimondo stated during a briefing with reporters.
Kaspersky's response
Kaspersky Lab has expressed disappointment with the decision, attributing it to the current geopolitical climate rather than a thorough assessment of its products' integrity. The company asserted that its operations do not threaten US national security and indicated plans to explore legal avenues to maintain its US operations.
The new rule, developed using powers established during the Trump administration, will also place three Kaspersky units on a trade restriction list. This measure is expected to significantly damage Kaspersky's reputation and potentially impact its international sales.
The restrictions, which will become effective on 29 September, aim to give businesses time to transition to alternative software solutions. They will also bar downloads of software updates, resales and licencing of Kaspersky products. Additionally, sales of white-labelled products that incorporate Kaspersky software under different brand names will be prohibited.
The Commerce Department will enforce these restrictions, with fines imposed on sellers and resellers who violate them. While software users will not face legal penalties, they will be strongly advised to discontinue use.
Speaking to Computing, Andrew Borene, executive director for global security at threat intelligence firm Flashpoint said: "This decision is a logical reflection of the tectonic shifts that are dividing economies along the lines of power competition between allies and the Russia/China/Iran/North Korea digital domain; these divides obviously extend into private sector actors as well.
"Kaspersky has a history of problems with US, Canadian and other allied governments - banning its use for US security probably is a wise choice in many cases, particularly in the categories of civilian critical infrastructure at state/local/municipal level whether that infrastructure is inherently governmental or privately owned and operated."
Historical context
The US move is part of a broader strategy to mitigate cybersecurity risks from foreign adversaries, particularly Russia and China. In 2017, the Department of Homeland Security had already banned Kaspersky's antivirus product from federal networks, citing alleged ties to Russian intelligence and potential for government-mandated assistance under Russian law.
Recent escalations, such as Russia's invasion of Ukraine, have further intensified scrutiny on Kaspersky. The Commerce Department's latest actions follow a national security probe into the software, which was accelerated by the conflict.
Kaspersky, which operates a British holding company and maintains US operations in Massachusetts, reported revenues of $752 million in 2022, serving over 220,000 corporate clients worldwide. Its prominent customers include notable entities such as Piaggio, Volkswagen's retail division in Spain, and the Qatar Olympic Committee.