U.S. bans antivirus software from Kaspersky Lab
Add Axios as your preferred source to
see more of our stories on Google.
Visitors sit at the stand of Kaspersky Lab at Mobile World Congress in 2022. Photo: Pau Barrena/AFP via Getty Images)
The Commerce Department will ban all new sales of Moscow-based Kaspersky Lab's cybersecurity and antivirus software in the United States next month.
Why it matters: The move sends the strongest signal to-date against a foreign-owned security vendor over concerns that a company could be coerced into working with adversarial governments.
- The Commerce Department has never outright banned the sale of a cybersecurity product in the U.S., Commerce Secretary Gina Raimondo told reporters earlier today.
Zoom in: The ban prohibits Kaspersky Lab from selling antivirus and cyber software products to U.S. customers starting July 20.
- Current U.S. Kaspersky Lab customers can still use the products, but they'll stop receiving software updates after Sept. 29, Raimondo said.
- The Cybersecurity and Infrastructure Security Agency will be reaching out and educating critical infrastructure organizations ahead of the deadline to prepare them for the switch and help identify alternative security solutions.
- The Commerce Department also added three Kaspersky-connected entities to its sanctions list: AO Kaspersky Lab, OOO Kaspersky Group and Kaspersky Labs Limited.
The big picture: Kaspersky Lab is one of the world's biggest providers of antivirus software and claims to have 270,000 corporate clients worldwide.
- But U.S. officials have long been concerned the company could be required to share customer information with Moscow and even assist in the Russian government's cyber espionage operations.
Flashback: The U.S. government banned Kaspersky Lab products from federal systems in 2017.
- Since then, Kaspersky Lab has put up a fight: It sued the federal government and even moved some of its data storage out of Russia to Switzerland.
Between the lines: Kaspersky Lab still has a "significant number of U.S. customers," including critical infrastructure organizations and state and local governments, a senior Commerce official told reporters during a briefing.
- The official said the specific number of U.S. customers is still confidential.
- Commerce is enacting the ban after an investigation that underscored ongoing security concerns about Kaspersky's reach, the official added.
The Commerce Department issued the new ban using authorities given to the office through a 2019 Trump executive order.
- Commerce officially issued a new regulation to implement the order in November 2021.
What they're saying: "We ultimately decided that given the Russian government's continued offensive cyber capabilities and capacity to influence Kaspersky's operation, that we have to take the significant measure of a full prohibition if we're going to protect Americans and their personal data," Raimondo said in remarks to reporters.
The other side: Kaspersky said in a statement Thursday it plans to pursue "all legally available options to preserve its current operations and relationships."
- Kaspersky added that the company doesn't "engage in activities which threaten U.S. national security" and has "repeatedly demonstrated its independence from any government."
- "Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky's products and services," the company said.
What's next: The U.S. government believes that Moscow won't be caught off guard by this decision.
- However, it is prepared if the Russian government chooses to retaliate, the senior Commerce official said.
Editor's note: This story has been updated with a statement from Kaspersky.
