Employees work at the command center of the Federal Emergency Management Agency on August 4. The Department of Homeland Security on Wednesday ordered all federal agencies to stop using Kaspersky Labs cybersecurity products within 90 days. File Photo by Michael Reynolds/UPI | License Photo
Sept. 13 (UPI) -- The U.S. Department of Homeland Security on Wednesday directed all federal agencies to stop using security products by Kaspersky Lab, a Russian company with alleged ties to state-sponsored cyberespionage.
Acting Secretary of Homeland Security Elaine Duke gave the agencies a timeline for complying with the directive. They must identify any use of Kaspersky products within 30 days, develop a plan to remove them within 60 days and discontinue using the services within 90 days.
The directive said Kaspersky's anti-virus products allow "broad access" to files and can be exploited by "malicious cyberactors" to compromise the systems.
"The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks," the directive said. "The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security."
The move comes amid several federal investigations into whether the Russian government attempted to meddle in the 2016 U.S. presidential election. The U.S. intelligence community in January concluded Russian President Vladimir Putin had a direct hand in ordering a large-scale effort to interfere with the election in an attempt to get Trump elected. A report from the director of national intelligence said agents of the Kremlin employed third parties to impact the vote, including the Moscow-funded network RT and "trolls" on social media channels.
Intelligence officials implicated the Russian government in a series of cyberattacks last year on the Democratic National Committee's computers, and other Democratic officials.
Kaspersky Lab told The Washington Post Wednesday that it doesn't have improper ties with any government, including Russia's.
"The only conclusion seems to be that Kaspersky Lab, a private company, is caught in the middle of a geopolitical fight, and it's being treated unfairly even though the company has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts," the company said.
Meanwhile, unnamed sources told Russian news agency The Bell, that Kaspersky's Washington, D.C., branch, Kaspersky Government Security Solutions Inc, is considering closing its offices there because the U.S. government has prohibited affiliation. The Moscow Times reported that Kaspersky Lab's vice president for public affairs, Anton Shingarev, told The Bell that "a reorganization is planned" at the office.