In the latest scare for the nation’s cybersecurity, last week ended with the ominous announcement of the Department of Homeland Security (DHS) ordering federal agencies and departments to cease using software produced by Russian firm Kaspersky Lab, citing potential risks to U.S. national security.
According to reports, DHS is concerned that ties between certain Kaspersky employees and the Russian government may indicate a threat to the security of these programs. The order gives all federal agencies 30 days to remove the now prohibited programs.
Kaspersky, one of the largest vendors of its kind in the world, specializes in endpoint security and virus detection. When installed, these programs have broad access to a system, which means that if there is malware contained in a program designed to divert data, highly sensitive government files are at risk of being exposed.
The DHS came on the heels of an announcement by Representative Adam Schiff, the top Democrat on the House Intelligence Committee, calling for social media giants like Facebook and Twitter, to appear before the panel as part of its investigation into Russian election interference. According to reports, the panel suspects these companies of cooperating with Russian advertisers to spread content promoting Donald Trump’s candidacy.
All of this has obviously escalated fears that Russian cyber meddling in the American government and its processes may be more substantial than initially thought.
The effects of the Kaspersky ban are beginning to take shape.
Eugene Kaspersky, the company's CEO, responded to the ban by reiterating his stance that the company maintains no links to the Russian government and agreed to testify before Congress to quell policymakers’ suspicions.
In a recent press release, Kaspersky stated that it is planning on implementing several changes to its US subsidiaries and branches. For instance, the company is looking into opportunities to better optimize its office in Washington D.C., the Kaspersky group responsible for monitoring threat intelligence schemes on American government entities. The statement added that the firm was aiming to open new offices in Los Angeles, Chicago, and Toronto in the coming year, and ended with this reassuring remark: “Despite geopolitical disturbance we stay pledged to North American users.” All of these are clear attempts by Kaspersky to mitigate the possible effects of being covertly implicated as an accomplice in Russian government subterfuge.
But the company has not been able to avoid being burned by the DHS ban. Major electronics retailer Best Buy, announced recently that it was pulling all Kaspersky products from their shelves and website. Depending on the progress on Capitol Hill and the Congress’ interview of Eugene Kaspersky, the company could see more outlets across the US following Best Buy’s lead. In the corporate world, businesses using Kaspersky products on their systems may soon find this to be a liability, as clients may be hesitant to trust a firm with the allegedly compromised Russian software on their computers- especially in the data and information sensitive financial services industry.
More broadly, the Kaspersky ban may be one of the first tangible examples of policymakers wielding their authority in response to suspicions of 2016 Russian election interference. If inquiries into private businesses and other internet service giants such as Facebook continue, these steps by Congress and other federal agencies may have a substantial effect on the world of IT and cybersecurity going forward.