The U.S. Department of Homeland Security has effectively banned all government agencies from using products made by Russian antivirus company Kaspersky Lab.
DHS Secretary Elaine Duke has issued a Binding Operational Directive (BOD) directing Federal Executive Branch departments and agencies to “identify any use or presence of Kaspersky products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days… to begin to implement the agency plans to discontinue use and remove the products from information systems.”
Duke stated, “This action is based on the information security risks presented by the use of Kaspersky products on federal information systems. Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems.”
“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks. The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
The U.S. House Science, Space and Technology Committee asked company CEO Eugene Kaspersky to appear at a Sept. 27 hearing on the matter, but that hearing was postponed. Instead, the Committee held a classified briefing on Tuesday, Sept. 26, with sources saying the meeting centered on Kaspersky products, news reports and how government agencies should respond.
It is no secret that the Russian government, and Russia’s president Vladimir Putin, are enemies of the United States in the global arenas of cybersecurity and the Internet. Both governments, along with other major players like China, Great Britain, and numerous Middle-Eastern countries, have been hacking the crap out of each other for years. They hack us, we hack them, and the cycle goes on and on.
Should we be concerned about using antivirus products made by companies that may be beholden to hostile foreign governments? Well, duh; of course we should. It should be noted, though, that U.S.-based antivirus companies like Norton and McAfee are routinely compelled by U.S. intelligence agencies like the National Security Agency to hand over entire databases on everything they do. With that in mind, I guess it comes down to which spy agencies do you trust the most: American, or Russian?
However, I won’t use Kaspersky Antivirus, anyway. There are better products one can use, such as the top three free antivirus programs Avira, Avast, and AVG (now owned by Avast). Those three companies are German, though, so there’s some more confusing food for thought. Darn.