Kaspersky Is Declared A US National Security Threat And Is Banned By The FCC
Kaspersky, a cybersecurity and antivirus company, appears in our news coverage fairly often, as the company’s researchers frequently uncover and disclose noteworthy vulnerabilities and malware. Earlier this month, we covered a gas pump hack that called to mind a vulnerability previously discovered by Kaspersky. Before that, we published coverage of a persistent Unified Extensible Firmware Interface (UEFI) malware that Kaspersky dubbed MoonBounce. Kaspersky’s effort to track and expose malicious apps in the Google Play Store has also appeared in our news coverage relatively recently.
However, despite Kasperksy’s continued documentation of vulnerabilities and malware, the company has come under scrutiny from the US government. Back in 2017, news broke that the Federal Bureau of Investigation (FBI) was warning companies not to use Kaspersky software, presumably over concerns of government spying. While Kaspersky is a multinational company with offices in a number of countries, including the US, UK, and Japan, the company is headquartered in Moscow, Russia. Even though Kaspersky is a private company, the US government remains wary.
However, despite Kasperksy’s continued documentation of vulnerabilities and malware, the company has come under scrutiny from the US government. Back in 2017, news broke that the Federal Bureau of Investigation (FBI) was warning companies not to use Kaspersky software, presumably over concerns of government spying. While Kaspersky is a multinational company with offices in a number of countries, including the US, UK, and Japan, the company is headquartered in Moscow, Russia. Even though Kaspersky is a private company, the US government remains wary.
Less than a month after news broke of the FBI’s warnings against using Kaspersky software, the Department of Homeland Security issued a Binding Operational Directive (BOD) requiring certain federal agencies and contractors to remove Kaspersky products from federal information systems. The BOD is intended to safeguard the information and information services of federal agencies.
Fast forward to late last week, and the Federal Communications Commission added Kaspersky, along with China Mobile and China Telecom, to a list of communications equipment and services that are deemed to pose an unacceptable risk to US national security. The list falls under Section 2 of the Secure Networks Act, which was passed in 2019 and “prohibits the use of certain federal funds to obtain communications equipment or services from a company that poses a national security risk to U.S. communications networks.” The list is maintained by the FCC and was last updated in March of 2021 to include Huawei, ZTE, and three others.
In its explanation of the new additions to the list, the FCC cites the 2017 BOD: “we interpret the BOD to be a finding from the Department of Homeland Security that Kaspersky-branded products pose an unacceptable risk to the national security of the United States.”
Fast forward to late last week, and the Federal Communications Commission added Kaspersky, along with China Mobile and China Telecom, to a list of communications equipment and services that are deemed to pose an unacceptable risk to US national security. The list falls under Section 2 of the Secure Networks Act, which was passed in 2019 and “prohibits the use of certain federal funds to obtain communications equipment or services from a company that poses a national security risk to U.S. communications networks.” The list is maintained by the FCC and was last updated in March of 2021 to include Huawei, ZTE, and three others.
In its explanation of the new additions to the list, the FCC cites the 2017 BOD: “we interpret the BOD to be a finding from the Department of Homeland Security that Kaspersky-branded products pose an unacceptable risk to the national security of the United States.”
Kaspersky published a statement on the FCC public notice, expressing disappointment in the FCC’s decision. Speaking of the 2017 BOD, the statement reads, “As there has been no public evidence to otherwise justify those actions since 2017, and the FCC announcement specifically refers to the Department of Homeland Security’s 2017 determination as the basis for today’s decision, Kaspersky believes today’s expansion of such prohibition on entities that receive FCC telecommunication-related subsidies is similarly unsubstantiated and is a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky’s products and services.”
Kaspersky also maintains that it “doesn’t have any ties with any government, including Russia’s,” but that it “remains ready to cooperate with US government agencies to address the FCC’s and any other regulatory agency’s concerns.” Given the delay between the 2017 BOD and the FCC’s listing of Kaspersky as a national security threat this past week, one might speculate that the Russian invasion of Ukraine spurred the FCC’s recent decision. However, government agencies and regulatory bodies are known for being incredibly slow-moving, so the delay may simply be the result of government bureaucracy working as usual.
Kaspersky also maintains that it “doesn’t have any ties with any government, including Russia’s,” but that it “remains ready to cooperate with US government agencies to address the FCC’s and any other regulatory agency’s concerns.” Given the delay between the 2017 BOD and the FCC’s listing of Kaspersky as a national security threat this past week, one might speculate that the Russian invasion of Ukraine spurred the FCC’s recent decision. However, government agencies and regulatory bodies are known for being incredibly slow-moving, so the delay may simply be the result of government bureaucracy working as usual.
