.png?width=1816&height=566&name=brandmark-design%20(83).png "brandmark-design (83)")
Roughly seven years after the U.S. barred Russian-made Kaspersky antivirus products from federal government use, the Biden administration has expanded this policy, prohibiting private corporations and individuals from using the software as well.
Companies that have so far chosen to overlook past U.S. warnings that Kaspersky products could be used as a spyware or malware tool by Russian agents now must find a new and viable antivirus software before Sept. 29, 2024, at which time they will lose all technical support, as no further software updates will be allowed. Moreover, as of July 20, 2024, Kaspersky will be barred from entering any new contractual agreements in the U.S.
This decision was rendered earlier in June via a Final Determination from the U.S. Department of Commerce’s Bureau of Industry and Security, which found that “Kaspersky’s provision of cybersecurity and anti-virus software to U.S. persons, including through third-party entities that integrate Kaspersky cybersecurity or anti-virus software into commercial hardware or software, poses undue and unacceptable risks to U.S. national security and to the security and safety of U.S. persons.”
Among the U.S. government’s concerns are that Kaspersky could be compelled by the Russian government to use their product base and cyber knowledge to exfiltrate sensitive information from clients, secretly install malware through a product update, or strategically withhold antivirus updates to keep machines unprotected during an active attack campaign.
Additionally, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced that a dozen individual executives and senior leaders at Kaspersky Lab have been subjected to sanctions.
For its part, Kaspersky has repeatedly denied that it is a threat to American security and has claimed to offer viable solutions to U.S. concerns. Nevertheless, the BIS noted in an official press release that its decision is “the result of a lengthy and thorough investigation, which found that the company’s continued operations in the United States presented a national security risk – due to the Russian Government’s offensive cyber capabilities and capacity to influence or direct Kaspersky’s operations – that could not be addressed through mitigation measures short of a total prohibition.”
The decision comes at a time when U.S. lawmakers are proposing further restrictions on Chinese manufacturing tools and equipment and about two months after President Joe Biden signed a law requiring the Chinese company that owns TikTok to either divest the business or face a U.S. ban. Such movies signal that the U.S. is becoming increasingly serious about prohibiting tech products that are developed or manufactured in nations considered to be a cyber threat – which also means that companies within the U.S. need to be more aware of where their hardware and software components are being sourced from.
The Kaspersky ban does not cover “Kaspersky Threat Intelligence products and services, Kaspersky Security Training products and services, or Kaspersky consulting or advisory services… that are purely informational or educational in nature,” the U.S. has clarified on an FAQ page. Also on this page, the BIS has also provided instructions on how to remove Kaspersky products and some links to resources offering a list of alternatives for anti-virus software and other cybersecurity products or services. Such information should prove very useful to companies that suddenly find themselves having little choice but to find a new antivirus solution.
