The Biden administration announced on Thursday a ban on the sale of Kaspersky Lab's antivirus software in the United States, citing significant national security risks due to the company's ties to Russia. Commerce Secretary Gina Raimondo highlighted the potential threat posed by Kaspersky's access to critical U.S. infrastructure and sensitive information.
"Russia has shown it has the capacity and... the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans, and that is why we are compelled to take the action that we are taking today," Raimondo said in a briefing.
Kaspersky Lab, a cybersecurity firm based in Moscow, has long been under scrutiny by U.S. authorities for its alleged connections to Russian intelligence. The Treasury Department's decision will bar new sales of Kaspersky software in the U.S. starting July 20, with existing customers allowed to receive updates only until September 29.
The U.S. Commerce Department is also adding three Kaspersky units to its trade restriction list, effectively barring these entities from receiving goods from American suppliers. The units include two based in Russia and one in the UK. This move aims to curtail Kaspersky's influence and prevent potential exploitation by Russian intelligence.
The new restrictions leverage broad powers granted to the Commerce Department in 2019, under an executive order by former President Donald Trump. These powers allow the U.S. to restrict transactions with companies from "foreign adversary" nations like Russia and China. This marks the first use of these authorities to ban a specific company's software from the U.S. market.
Kaspersky has consistently denied any ties to the Russian government and has not yet responded to requests for comment on the new ban. The company, which has operations in Massachusetts and a British holding company, reported $752 million in revenue for 2022, serving over 220,000 corporate clients in 200 countries. Among its notable customers are Volkswagen's retail division in Spain and the Qatar Olympic Committee.
Despite Kaspersky's denials, U.S. intelligence agencies have expressed ongoing concerns about the potential for the Russian government to leverage the company's software for espionage. These concerns were heightened following Russia's invasion of Ukraine in February 2022. The U.S. government warned that Moscow could manipulate Kaspersky software to harm American interests.
The Commerce Department's action follows years of escalating scrutiny. In 2017, the Department of Homeland Security banned Kaspersky's antivirus product from federal networks, citing concerns over potential ties to Russian intelligence. Media reports also suggested that Kaspersky had inadvertently acquired hacking tools from a National Security Agency employee, which later ended up with the Russian government. Kaspersky claimed it had discovered the code by chance and that no third parties had accessed it.
Commerce Secretary Raimondo emphasized the importance of the new ban, noting that the U.S. conducted an "extremely thorough" investigation into Kaspersky and explored all possible mitigation measures. Ultimately, the decision was made to implement a full ban due to the continuing threat posed by the Russian government's offensive cyber capabilities.
Raimondo reassured current Kaspersky users in the U.S. that they are not subject to criminal or civil penalties but urged them to switch to alternative software immediately to protect their data. The Commerce Department will collaborate with the Departments of Homeland Security and Justice to ensure a smooth transition for affected businesses and individuals.
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency will reach out to critical infrastructure organizations using Kaspersky software to brief them on the security risks and assist in identifying alternatives.
