The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) has announced a “first of its kind” ban that prohibits Kaspersky Lab’s U.S. subsidiary from directly or indirectly offering its security software in the country.
The blockade also extends to the cybersecurity company’s affiliates, subsidiaries and parent companies, the department said, adding the action is based on the fact that its operations in the U.S. posed a national security risk.
“The company’s continued operations in the United States presented a national security risk — due to the Russian Government’s offensive cyber capabilities and capacity to influence or direct Kaspersky’s operations — that could not be addressed through mitigation measures short of a total prohibition,” the BIS said.
It further said Kaspersky is subject to the jurisdiction and control of the Russian government and that its software provides Kremlin access to sensitive U.S. customer information as well as allows for installing malicious software or withholding critical updates.
“The manipulation of Kaspersky software, including in U.S. critical infrastructure, can cause significant risks of data theft, espionage, and system malfunction,” it noted. “It can also risk the country’s economic security and public health, resulting in injuries or loss of life.”
As part of the ban, Kaspersky will be barred from selling its software to American consumers and businesses starting on July 20. However, the company can still provide software and antivirus signature updates to existing customers until September 29.
It’s also urging current individual and business customers to find suitable replacements within the 100-day time period so as to ensure that there are no gaps in security protections. That said, it’s worth noting that they can continue to use the products should they choose to do so.
“Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive U.S. information, and we will continue to use every tool at our disposal to safeguard U.S. national security and the American people,” Secretary of Commerce Gina Raimondo said.
That’s not all. Kaspersky has also been added to the Entity List for their “cooperation with Russian military and intelligence authorities in support of the Russian Government’s cyber intelligence objectives.” The Moscow-headquartered firm, which serves over 400 million customers and 240,000 corporate clients across 200 countries including Piaggio, Volkswagen Group Retail Spain, and the Qatar Olympic Committee, has long been in the crosshairs of the U.S. government over its ties to Russia.
In September 2017, its products were banned from being used in federal networks, citing national security concerns. Weeks after that announcement, a Wall Street Journal report alleged Russian government hackers had stolen U.S. classified hacking tools stored on a National Security Agency (NSA) contractor’s home computer because it was running Kaspersky software.