Kaspersky Lab has been permanently banned from providing services to U.S. government agencies following a temporary ban placed on the company because of allegations of Russian government links in 2017.
The permanent ban, made under the 2018 National Defense Authorization Act, bars all civilian and military agencies from using Kaspersky products. Notably, the act used to permanently ban Kaspersky was enacted by legislators in 2018 on concerns over Kaspersky specifically, Nextgov reported Tuesday.
The allegations leveled at Kaspersky include the company designing cybersecurity software for Russian law enforcement agencies along with providing personnel to accompany Russian intelligence and police on raids and arrests. The Department of Homeland Security was also concerned about ties between certain Kaspersky officials and Russian intelligence and other government agencies, as well as requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.
“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” the DHS said at the time.
Kaspersky had previously attempted to overturn the initial ban in court, arguing that it was unconstitutional, but it failed to do so.
Chris Morales, head of security analytics at threat detection firm Vectra AI Inc., told SiliconANGLE that the ban will not be difficult to implement because removing software agents for a large distribution of systems is fairly trivial. But he’s worried about alternatives.
“The bigger concern is: What replaces Kaspersky as the endpoint protection agent?” he said. “There are many options available in the market that would require an evaluation and testing period by any organization to ensure the software is compatible with current systems and software.”
The risk, however, is that an endpoint agent could interfere with a system, causing a significant disruption of business. “This means if an organization were to immediately remove Kaspersky with no alternative already validated, that organization could face a period of exposure of no endpoint coverage,” he said.
Joseph Carson, chief security scientist at privileged access management solutions company Thycotic Software Ltd., noted that the ban will cause some government agencies, both civilian and defense, to experience some disruption or even major downtime of critical systems.
“The major issue with removing any antivirus products is that it almost always requires the system to be rebooted, sometimes multiple times,” Carson said. “This means that during the removal of Kaspersky Software it will likely mean all of those systems, including critical systems, will experience some downtime or even longer outages. It will also cause significant disruption for employees, meaning increased friction from disrupting employees’ productivity.”