The US government banned the use of Kaspersky security software in federal offices Wednesday, saying the Russian company has risky ties to Russian intelligence that threaten US national security.
Acting Secretary of Homeland Security Elaine Duke ordered all government offices to remove and replace any of the company’s popular anti-hacker software in use within 90 days.
“The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies,” Duke said in a statement.
She also expressed concern that Russian intelligence agencies can by law request or compel assistance from Kaspersky, including in intercepting communications transiting Russian networks.
“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates US national security,” Duke said.
The move comes amid heightened strains between Russia and the US over Moscow’s alleged interference in last year’s US presidential election.
Kaspersky was already finding the government shut to its business, according to US companies it competes with.
Earlier this year six top intelligence and security officials told a Congressional hearing that they would not use Kaspersky software.
In July the government’s General Services Administration issued an advisory against using it.
Last week Senator Jeanne Shaheen said she would attach to a crucial defense department appropriations bill a law banning government use of Kaspersky products.
Based in Moscow, Kaspersky has been selling its popular and highly regarded software around the world for two decades and does 85 percent of its business outside of Russia, including with multiple governments, according to the company.
It has repeatedly denied having anything more than correct business ties to the Kremlin, saying it is “caught in the middle of a geopolitical fight.”
It said it was not a telecom provider and so not subject to the Russian laws Duke referred to on cooperation with the government.
“No credible evidence has been presented publicly by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company,” it said in a statement.
“Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organisations from cyber threats, but it does not have unethical ties or affiliations with any government, including Russia.”
Founder and chief executive Eugene Kaspersky said he has repeatedly offered to present the company’s source code to US officials for an audit but has not been given the opportunity to do so.
The Department of Homeland Security said Wednesday that Kaspersky could give a written response to the ban to address the department’s concerns.