The federal government already is prohibited from using Kaspersky software.
The Federal Communications Commision (FCC) has deemed Moscow-based Kaspersky a threat to national security. This is the second time the federal government has singled out Kaspersky.
The FCC has added Kaspersky to its national security threat list. It also added China Telecom (Americas) and China Mobile International USA. These additions come amid the ongoing Russian invasion of Ukraine.
Adding the companies is consistent with requirements in the Secure and Trusted Communications Networks Act of 2019.
With the decision, U.S. companies can’t use money from the FCC’s $8 billion Universal Service Fund for supporting telecom deployments in rural and underserved communities to purchase Kaspersky products and services.
Jessica Rosenworcel is the FCC’s chairwoman.
“Last year, for the first time, the FCC published a list of communications equipment and services that pose an unacceptable risk to national security,” she said. “And we have been working closely with our national security partners to review and update this list. Today’s action is the latest in the FCC’s ongoing efforts, as part of the greater whole-of-government approach, to strengthen America’s communications networks against national security threats, including examining the foreign ownership of telecommunications companies providing service in the United States and revoking the authorization to operate where necessary. Our work in this area continues.”
A 2017 order by former President Trump already banned the federal government from using Kaspersky software.
Kaspersky Software Poses Threat?
Earlier this month, Germany’s Federal Office for Information Security (BSI) warned users of antivirus software developed by Kaspersky that poses a serious risk of a successful hacking attack. According to Reuters, the German agency said Kaspersky could be coerced by Russian government agents to hack IT systems abroad. It also said agents could clandestinely use its technology to launch cyberattacks without its knowledge.
Kaspersky said it’s disappointed with the FCC’s decision to prohibit certain telecommunications-related federal subsidies from being used to purchase it’s products and services.
The FCC didn’t base its decision on any technical assessment of Kaspersky products, the company said. Instead, it made its decision on “political grounds.”
Kaspersky maintains that the federal government’s 2017 prohibitions were “unconstitutional, based on unsubstantiated allegations and lacked any public evidence of wrongdoing by the company.”
“Kaspersky believes today’s expansion of such prohibition on entities that receive FCC telecommunication-related subsidies is similarly unsubstantiated and is a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky’s products and services,” it said.
Assuring Partners and Customers
Kaspersky said it will continue to assure its partners and customers on the “quality and integrity” of its products.
“Kaspersky provides industry-leading products and services to customers around the world to protect them from all types of cyber threats, and it has stated clearly that it doesn’t have any ties with any government, including Russia’s,” it said. “The company believes that transparency and the continued implementation of concrete measures to demonstrate its enduring commitment to integrity and trustworthiness to its customers is paramount.”
Lisa Plaggemier is interim executive director of the National Cybersecurity Alliance (NCA). She said Kaspersky’s client base is massive. Its technology is used by 400 million customers across nearly 250,000 companies around the world. Therefore, the ripples from this news will be “felt in virtually every corner of the globe.”
“Kaspersky is one of the foremost players in the entire cybersecurity world,” she said. “However, there is no shortage of competition in this space.”
As tensions escalate between Russia and the West, private companies and users could consider ditching Kaspersky, Plaggemier said.
FCC Likely to Add More Companies to List
Russia has shown itself to be “incredibly effective” at breaching U.S. entities, such as the Colonial Pipeline and SolarWinds, Plaggemier said. Therefore, the U.S. government is likely to continue exercising “extreme” regulatory caution when it comes to Russian technology.
“Although the … list only has a handful of entities listed on them currently, most of them Chinese, it would not be surprising to see additional companies, both of Russian origin or from countries aligned with Russia, added particularly as this conflict continues to unfold,” she said.