Biden administration bans Americans from using Russian-made cybersecurity software over national security concerns

Damond Isiaka
7 Min Read


CNN
 — 

The Biden administration is taking the unprecedented step of banning US companies and citizens from using software made by a major Russian cybersecurity firm with a new prohibition on its sale because of national security concerns, Commerce Department Secretary Gina announced Thursday.

The move uses relatively new Commerce Department authorities built on executive orders signed by Presidents Joe Biden and Donald Trump to ban the sale and provision of software products by Russian firm, Kaspersky Lab, inside the US.

Previously installed software from the company can continue to be used but it will not be possible to download updates.

Thursday’s announcement comes after CNN reported in April that the Biden administration was preparing to issue an order that would prevent US companies and citizens from using Kaspersky software.

“We are announcing that after an extremely thorough investigation, we are taking action … which will prohibit Kaspersky Lab and all of its affiliates, subsidiaries and parent company from providing cyber security and anti-virus software anywhere in the United States,” Raimondo told reporters.

“We’re also adding three Kaspersky entities to the Entity List, which means that they won’t be able to sell or update software in the US,” she added. “Russia has shown it has the capacity and even more than that, the intent, to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans and that’s why we are compelled to take the action that we’re taking today.”

It’s the latest move by the US government to block Americans from using popular technology that it considers a national security risk.

“Despite proposing a system in which the security of Kaspersky products could have been independently verified by a trusted third party, Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services,” Kaspersky Lab said in a statement responding to the Commerce ruling.

“Kaspersky does not engage in activities which threaten US national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted US interests and allies. The company intends to pursue all legally available options to preserve its current operations and relationships.”

Following the Commerce Department announcement, on Friday the US Treasury imposed sanctions on 12 leaders of the firm “for operating in the technology sector of the Russian Federation economy.”

The Treasury Department did not impose sanctions on the company itself, “its parent or subsidiary companies, or its CEO,” the Treasury Department said.

“Today’s action against the leadership of Kaspersky Lab underscores our commitment to ensure the integrity of our cyber domain and to protect our citizens against malicious cyber threats,” Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson said in a statement Friday. “The United States will take action where necessary to hold accountable those who would seek to facilitate or otherwise enable these activities.”

US government agencies are already banned from using Kaspersky Lab software, but action to prevent private companies from using the software is unprecedented.

US officials have for years alleged that the Russian government could force Kaspersky Lab to hand over data or use its anti-virus software to attempt to carry out hacking or surveillance of Americans — accusations that Kaspersky Lab strenuously denies.

Raimondo reiterated that concern during Thursday’s announcement.

“While we’ve been exploring every option at our disposal, we ultimately decided that given the Russian government’s continued offensive cyber capabilities and capacity to influence Kaspersky’s operations, that we have to take the significant measure of a full prohibition, if we’re going to protect Americans and their personal data,” she told reporters.

A Commerce Department official said Thursday that the agency’s final determination implementing the ban does not identify any specific instances in which the Russian government has attempted to exploit Kaspersky or used the company’s software for data collection.

“But we certainly believe that it is more than just a theoretical threat,” the official added, noting the Commerce Department’s new authorities allow it to act proactively, even in the absence of concrete examples.

Founded in Moscow in 1997, Kaspersky Lab grew into one of the world’s most successful anti-virus software companies alongside American rivals like McAfee and Symantec. Kaspersky Lab’s researchers, recognized as top-tier in the cybersecurity industry, are known for analyzing hacking operations suspected of being carried out by a variety of governments including Russia, the US and Israel, but also cybercriminal threats that affect everyday users.

Some of the speculation and suspicion from US officials about the Russian company centers around Eugene Kaspersky, a charismatic computer expert who co-founded Kaspersky Lab in Moscow in 1997.

Eugene Kaspersky studied cryptography at a KGB-sponsored university — a fact that some US lawmakers like to mention when trying to tie the company to Russian government. Kaspersky Lab has denied having “any unethical ties or affiliations with any government, including Russia.” Kaspersky served as a software engineer at a Russian Ministry of Defense institute after graduation, and that is “the extent of his military experience,” the company says.

Kaspersky has lamented that his company is the victim of geopolitical tensions between the West and Russia — tensions that have only grown sharper since the Kremlin’s full-scale invasion of Ukraine in 2022.

This story has been with updated additional details and comment from Kaspersky Lab.

Share This Article
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *