(U) On 11 July, the United States Government removed Moscow-based Kaspersky Lab from two lists of approved vendors used by government agencies to purchase technology equipment, amid concerns the cyber security firm’s products could be used by the Kremlin to gain entry into U.S. networks.
(U) Last month the Senate Armed Services Committee passed a defense spending policy bill that would ban Kaspersky products from use in the military. The move came a day after the FBI interviewed several of the company’s U.S. employees at their private homes as part of a counterintelligence investigation into its operations.
(U) On 12 July, GSA made a tactical decision to remove Kaspersky Labs from two GSA schedules, thus effectively removing the vendor as an authorized source for purchases by any agency using GSA schedules.
• (U) The delisting represents the most concrete action taken against Kaspersky following months of mounting suspicion among intelligence officials and lawmakers that the company may be too closely connected to hostile Russian intelligence agencies accused of cyber-attacks on the United States.
• (U) Lawmakers raised concerns that Moscow might use the firm’s products to attack American computer networks, a particularly sensitive issue given allegations by U.S. intelligence agencies that Russia hacked and leaked emails of Democratic Party political groups to interfere in the 2016 presidential election campaign. Russia denies the allegations.
(U//FOUO) Per the U.S. General Services Administration, “After review and careful consideration, the General Services Administration made the decision to remove Kaspersky Lab-manufactured products from GSA IT Schedule 70 and GSA Schedul-67 – Photographic Equipment and Related Supplies and Services. GSA’s priorities are to ensure the integrity and security of U.S. government systems and network and evaluate products and services available on our contracts using supply chain risk management processes”.
(U//FOUO) State, Local, Tribal and Territorial government agencies that use GSA contract schedules for ordering IT goods and services and I or Photographic Equipment and Related Supplies and Services, or otherwise have Kaspersky Lab-manufactured products should consider the risk associated with these products and adhere to Federal guidelines.
Security Concerns with Kaspersky Labs Products
On 11 July, the United States Government removed Moscow-based Kaspersky Lab from two lists of approved vendors used by government agencies to purchase technology equipment.
The delisting represents the most concrete action taken against Kaspersky following months of mounting suspicion among intelligence officials and lawmakers that the company may be too closely connected to hostile Russian intelligence agencies accused of cyber-attacks on the United States.
• A Senate Armed Services Committee member said in a statement that “ties between Kaspersky Lab and the Kremlin are very alarming.”
• U.S. intelligence agencies believe that the company and its president have had close ties to Russian political and intelligence officials since at least 2012, when a major shakeup of the firm’s executive ranks brought in new members with ties to Russia’s three main intelligence agencies.
• Kaspersky supplies personnel to accompany Russian intelligence and police on raids and arrests, and designed cybersecurity software that provides Russian law enforcement the location of possible hackers, according to press reports.
• The heads of five U.S. intelligence agencies, including the CIA, said they would not be comfortable using Kaspersky products on their networks.
Kaspersky antivirus solutions are integrated in a range of routers, chip and software products from such household names as Cisco, Amazon and Microsoft.