(U//FOUO) California Cybersecurity Integration Center Advisory: Security Concerns with Kaspersky Labs Products

The following bulletin was included in a press release by the University of California, Merced related to the University of California's decision to stop using Kaspersky Labs products.

Cybersecurity Advisory: Future selection of Kaspersky Labs products

Page Count: 2 pages
Date: July 12-13, 2017
Restriction: For Official Use Only, TLP Green
Originating Organization: California Cybersecurity Integration Center
File Type: pdf
File Size: 934,230 bytes
File Hash (SHA-256): 84EC06CE4F43961FE31E513E1521AD8720407AE766528AF45715D64933A48D88



(U) On 11 July, the United States Government removed Moscow-based Kaspersky Lab from two lists of approved vendors used by government agencies to purchase technology equipment, amid concerns the cyber security firm’s products could be used by the Kremlin to gain entry into U.S. networks.

(U) Last month the Senate Armed Services Committee passed a defense spending policy bill that would ban Kaspersky products from use in the military. The move came a day after the FBI interviewed several of the company’s U.S. employees at their private homes as part of a counterintelligence investigation into its operations.

(U) On 12 July, GSA made a tactical decision to remove Kaspersky Labs from two GSA schedules, thus effectively removing the vendor as an authorized source for purchases by any agency using GSA schedules.

• (U) The delisting represents the most concrete action taken against Kaspersky following months of mounting suspicion among intelligence officials and lawmakers that the company may be too closely connected to hostile Russian intelligence agencies accused of cyber-attacks on the United States.

• (U) Lawmakers raised concerns that Moscow might use the firm’s products to attack American computer networks, a particularly sensitive issue given allegations by U.S. intelligence agencies that Russia hacked and leaked emails of Democratic Party political groups to interfere in the 2016 presidential election campaign. Russia denies the allegations.

(U//FOUO) Per the U.S. General Services Administration, “After review and careful consideration, the General Services Administration made the decision to remove Kaspersky Lab-manufactured products from GSA IT Schedule 70 and GSA Schedule 67 – Photographic Equipment and Related Supplies and Services. GSA’s priorities are to ensure the integrity and security of U.S. government systems and network and evaluate products and services available on our contracts using supply chain risk management processes”.

(U//FOUO) State, Local, Tribal and Territorial government agencies that use GSA contract schedules for ordering IT goods and services and/or Photographic Equipment and Related Supplies and Services, or otherwise have Kaspersky Lab-manufactured products should consider the risk associated with these products and adhere to Federal guidelines.

Security Concerns with Kaspersky Labs Products

On 11 July, the United States Government removed Moscow-based Kaspersky Lab from two lists of approved vendors used by government agencies to purchase technology equipment.

The delisting represents the most concrete action taken against Kaspersky following months of mounting suspicion among intelligence officials and lawmakers that the company may be too closely connected to hostile Russian intelligence agencies accused of cyber-attacks on the United States.

• A Senate Armed Services Committee member said in a statement that “ties between Kaspersky Lab and the Kremlin are very alarming.”

• U.S. intelligence agencies believe that the company and its president have had close ties to Russian political and intelligence officials since at least 2012, when a major shakeup of the firm’s executive ranks brought in new members with ties to Russia’s three main intelligence agencies.

• Kaspersky supplies personnel to accompany Russian intelligence and police on raids and arrests, and designed cybersecurity software that provides Russian law enforcement the location of possible hackers, according to press reports.

• The heads of five U.S. intelligence agencies, including the CIA, said they would not be comfortable using Kaspersky products on their networks.

Kaspersky antivirus solutions are integrated in a range of routers, chip and software products from such household names as Cisco, Amazon and Microsoft.
