by Dave Moore, CISSP
04/24/2022
In 2017, The U.S. Department of Homeland Security effectively banned all government agencies from using products made by Russian antivirus company Kaspersky Lab. The FCC recently did the same thing, adding Kaspersky to their list of companies that are a threat to national security.
DHS Secretary Elaine Duke issued a Binding Operational Directive (BOD) directing Federal Executive Branch departments and agencies to “identify any use or presence of Kaspersky products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days… to begin to implement the agency plans to discontinue use and remove the products from information systems.”
Duke stated, “This action is based on the information security risks presented by the use of Kaspersky products on federal information systems. Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems.”
“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks. The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”
The U.S. House Science, Space and Technology Committee asked company CEO Eugene Kaspersky to appear at a Sept. 27, 2017 hearing on the matter, but that hearing was postponed. Instead, the Committee held a classified briefing, with sources saying the meeting centered on Kaspersky products, news reports and how government agencies should respond.
It is no secret that the Russian government, and Russia’s president Vladimir Putin, are enemies of the United States in the global arenas of cybersecurity and the Internet. Both governments, along with other major players like China, Great Britain, and numerous Middle-Eastern countries, have been hacking the crap out of each other for years. They hack us, we hack them, and the cycle goes on and on.
Should we be concerned about using antivirus products made by companies that may be beholden to hostile foreign governments? Well, duh; of course we should. It should be noted, though, that U.S.-based antivirus companies like Norton and McAfee are routinely compelled by U.S. intelligence agencies like the National Security Agency to hand over entire databases on everything they do. With that in mind, I guess it comes down to which spy agencies do you trust the most: American, or Russian?
However, I won’t use Kaspersky Antivirus, anyway. There are better products one can use, that are free. Most of them are German or Ukranian companies, though, so there’s some more confusing food for thought. Darn.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd, he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or internetsafetygroup.org