Back in July, allegations that its source code may have been compromised by the Russian government led to Kaspersky Lab's removal from the list of approved federal vendors. Now, the Department of Homeland Security (DHS) has issued a directive giving departments and agencies three months to identify any use of the software and replace it with alternatives.
The directive allows 30 days to identify any government systems that use Kaspersky, 60 days to come up with a plan for eliminating the software, and 90 days to start uninstalling it.
“The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the DHS said in a statement.
“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security.”
Kaspersky Lab has faced allegations of ties with the Russian government for some time. CEO and cofounder Eugene Kaspersky was educated at a KGB-backed school and previously served at the intelligence organization. But there’s no public evidence linking Kaspersky with Russian agencies. A spokesperson said “the accusations are based on false allegations and inaccurate assumptions.”
The company added that as 85 percent of its revenue comes from outside of Russia, it would be detrimental for the firm to work inappropriately with any government.
The DHS has asked Kaspersky to contact the agency and provide evidence that proves its innocence. In July, Kaspersky said he was willing to testify before congress and turn over the company’s source code “to prove that we don’t behave maliciously.”
While Kaspersky continues to deny any relationship with the Russian government, emails obtained by Bloomberg earlier this year show how it developed software for the Federal Security Service (FSB), one of the intelligence agencies that allegedly attempted to influence the US election. It's also said to have accompanied agents on raids.
The company said that the facts of the 2009 emails have been “misconstrued to fit in with the hypothetical, false theory.”