DHS tells feds to delete Russian company’s software from U.S. computers

Acting Homeland Security Secretary Elaine Duke ordered federal agencies to identify and stop use of any products or services supplied by AO Kaspersky Lab, saying the U.S. fears the company’s ties to Russian intelligence operatives.

The new directive applies to the entire executive branch, which comprises nearly every federal government office, excluding only the courts and Congress.

In a statement, Homeland Security said Kaspersky’s anti-virus products give the company broad access to files on computers, which in turn opens the computers up to being compromised.

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” the department said in a memo describing the new order.

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” Homeland Security said.

The new Homeland Security directive gives all executive branch departments and agencies 30 days to identify Kaspersky products they are using, another 30 days to come up with a plan to expunge the software, and a final 30 days to carry it out.

The department also said it would give Kaspersky a chance to defend itself.

In a statement Wednesday, Kaspersky Lab said it was “disappointed” by the decision, but said it would provide information to disprove the allegations.

“No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company,” the company said.

It said more than 85 percent of its revenue comes from outside of Russia, which the company said is proof that it wouldn’t risk its business by any “unethical ties or affiliations.”

“Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it’s disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues,” the company said.

Rep. Bennie G. Thompson, the top Democrat on the House Homeland Security Committee, said the government is usually more circumspect about issuing binding cybersecurity orders like Wednesday’s directive.

“It is clear that DHS’s decision to issue this directive, in a very public way, is significant,” he said.

Officials in Washington have recently expressed worries about Kaspersky, with top intelligence officials saying earlier this year that they don’t trust the company’s products. Congress also mulled a government-wide ban on using the company’s products.

The National Journal reported earlier this year that nobody seems to know how widespread use of Kaspersky software is in government computers.

The company has also popped up in the investigation into Russian influence on the 2016 election, with Michael Flynn, the former top security advisor to President Trump, belatedly reporting that the company’s U.S. subsidiary paid him $11,250 for a speaking engagement in 2015.