The Department of Homeland Security announced Tuesday that products from the Moscow-based cyber security firm, Kaspersky Lab have been removed from federal government computers.
“Generally what we’re doing is we’re looking at it from a supply-chain perspective, so it’s very important for us to understand not only who our contractors are contracting with, but when they provide a service or software, what’s embedded there within,” said Kirstjen Nielsen of the Senate Appropriations Committee’s Homeland Security panel and DHS Secretary. “Unfortunately, for many of the third-party providers, they weren’t even aware that they had Kaspersky on their systems and within their products.”
The DHS is looking into how to keep the work being done by contractors secure.
“It has to be that we can pause and turn off contracts the moment we have a concern — if someone’s been hacked, if someone is vulnerable, or someone is using software that we know will put us at risk,” said Nielson. “We are doing a full review and working within the authorities we have to find out ways to do that.”
At the end of August of last year, U.S. intelligence agencies launched a massive probe into the software firm Kaspersky.
The software company has been long suspected of being linked to the Russian government and espionage. Five heads of five U.S. intelligence agencies have all agreed that they wouldn’t feel comfortable using Kaspersky products on their agency’s networks.
Then in September of last year, the U.S. government officially banned the use of all Kaspersky software products in federal departments. All agencies had to identify the Kaspersky products that have been used in the past and had to discontinue their use.
“This action is based on the information security risks presented by the use of Kaspersky products. The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” said the Department of Homeland Security in a statement last September. “The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
President Donald Trump then signed a bill last December extending the Kaspersky ban to contractors and third-party vendors working with the government.
Kaspersky continues to deny having any “inappropriate ties” with the Russian government and is currently suing the U.S. federal government over the ban.