US Bans Kaspersky After Suspected Russian Ties
International cybersecurity company, Kaspersky, has officially been struck by the ban hammer. What is Kaspersky? The Russian-based anti-virus provider, established in 1997, has a massive customer base. They were previously very popular, but the Biden administration recently banned them in an effort to prevent possible security risks from Russia.
The decision was made public on June 20, 2024, with the announcement that their products would no longer be allowed to be sold and declaring Kaspersky banned in the U.S., sanctioning the company’s senior leaders as well.
Why Is Kaspersky Being Banned?
The U.S. Bureau of Industry and Security’s official statement gives the reason for the ban as, “Today’s Final Determination and Entity Listing are the result of a lengthy and thorough investigation, which found that the company’s continued operations in the United States presented a national security risk—due to the Russian Government’s offensive cyber capabilities and capacity to influence or direct Kaspersky’s operations—that could not be addressed through mitigation measures short of a total prohibition.”
Kaspersky was even added to the Bureau’s “Entity List,” a compilation of companies, organizations, and individuals that are deemed a security concern. Specific reasons given for the ban:
- Kaspersky is under the jurisdiction of the Russian government and is mandated to comply with any of their information requests. This could be used for exploitation or harmful purposes
- Because of their administrative privileges, they could possibly access and give sensitive U.S. customer information to the Russian government
- The potential to install malware, malicious software, or withhold crucial updates to patch security exploits on U.S. customers’ systems
- Third-party integration means it’s harder to oversee where Kaspersky software ends up, including highly sensitive U.S. networks
Kaspersky’s Response
If you’re wondering who owns Kaspersky, it was founded by Eugene Kaspersky, a former Russian intelligence officer. The company’s official response is, “Kaspersky does not engage in activities which threaten U.S. national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted U.S. interests and allies. The company intends to pursue all legally available options to preserve its current operations and relationships.”
Kaspersky also claims that the Biden administration’s decision is based on the war in Ukraine and the current political climate and that banning their technology will only leave their customers vulnerable to cyber threats.
The Bureau acknowledges it will be a disruption to consumers, so Kaspersky is allowed to continue business operations in the U.S. until 12:00AM (EDT) on September 29, 2024.
This isn’t the U.S. government’s first run in with Kaspersky bans. In 2017, the Department of Homeland Security mandated that federal agencies stop using Kaspersky products on their information systems. The 2024 ban has been in the works for a while.
What It All Means
With Kaspersky banned in the U.S., current customers are urged to find replacement cybersecurity providers before September 29, when the current software will no longer receive software and security updates, rendering it vulnerable and increasingly less functional. After July 20, Kaspersky is barred from entering new business arrangements inside the U.S. and can only support their present customers until the end of September.
Even with Kaspersky banned in the U.S., Americans who want to continue using their software past September can legally still do so. They have multiple software products, such as identity protection, antivirus, firewalls, etc. All products will lose support, however, so they won’t be useful for long without any updates and patches.
Is Kaspersky banned in the U.S. but nowhere else? Actually, others have also found the anti-virus giant too risky. In 2023, Canada banned them on all government-issued phones. The Treasury Board president, Anita Anand, said in a statement, “We are taking a risk-based approach to cybersecurity by removing access to these applications on government mobile devices.” Canada’s Chief Information Officer, Catherine Luelo, similarly stated that apps like those from WeChat (also banned by Canada) and Kaspersky, “…present an unacceptable level of risk to privacy and security.”
As the war in Ukraine continues and Russia becomes an increasing concern, bans on Russian-based companies will likely spread. Meanwhile, Kaspersky plans to fight it out on the legal battlefront. However things end up, U.S. customers will have a hassle ahead to find a replacement.