REUTERS/Dado Ruvic
The Biden administration is set to announce plans to prohibit the sale of antivirus software developed by Russia’s Kaspersky Labs within the United States, according to a source familiar with the matter. This decision is prompted by the company’s significant U.S. clientele, which includes critical infrastructure providers and various state and local government entities.
Concerns have been raised regarding the company’s close connections to the Russian government, which have been identified as a substantial risk. The software’s extensive access to computer systems could potentially enable it to exfiltrate sensitive information, deploy malicious software, or withhold crucial updates from American systems. This forthcoming regulation, leveraging broad powers established during the Trump administration, will be accompanied by the company’s addition to a trade restriction list, according to additional sources. This move is expected to severely impact the firm’s reputation and could negatively affect its international sales.
The initiative to include Kaspersky Labs on the entity list would effectively prevent the company’s U.S. suppliers from conducting business with it. The specifics and timing of the software sales prohibition have not been previously disclosed. A representative from the Commerce Department declined to provide comments, while Kaspersky Lab and the Russian Embassy did not respond to inquiries. Kaspersky has previously asserted that it operates as a privately managed company with no governmental affiliations.
These actions reflect the administration’s efforts to eliminate potential cyber threats posed by Kaspersky software and to maintain pressure on Moscow amidst renewed momentum in Russia’s war efforts in Ukraine. This initiative also demonstrates the Biden administration’s utilization of new authorities that permit the banning or restriction of transactions between U.S. firms and technology companies from “foreign adversary” nations such as Russia and China. These tools remain largely untested; for instance, former President Donald Trump’s attempts to ban Americans from using Chinese social media platforms TikTok and WeChat were halted by federal courts.
The new restrictions on Kaspersky software sales will commence on September 29, providing a 100-day period post-publication for businesses to transition to alternative solutions. New U.S. business engagements for Kaspersky will be prohibited 30 days following the announcement of these restrictions. The sale of white-labeled products that incorporate Kaspersky software under different brand names will also be prohibited. The Commerce Department will notify companies before enforcing actions against them.
The impact of the entity listing on Kaspersky remains uncertain. If foreign units of Kaspersky that acquire significant U.S.-sourced inputs are included, it could disrupt the company’s supply chain. If only the Russian entity is added, the consequences would primarily be reputational.
Kaspersky has been under regulatory scrutiny for some time. In 2017, the Department of Homeland Security banned its flagship antivirus product from federal networks, citing alleged ties to Russian intelligence and noting that Russian law allows intelligence agencies to compel assistance from Kaspersky and intercept communications over Russian networks. Media reports from that period suggested Kaspersky Lab’s involvement in the misappropriation of National Security Agency hacking tools, which allegedly ended up with the Russian government. Kaspersky has claimed it inadvertently encountered the code and that no third parties had access to it.
Pressure on Kaspersky’s U.S. operations increased following Russia’s invasion of Ukraine. The U.S. government privately cautioned some American companies about potential risks associated with Kaspersky software the day after the invasion. This warning led the Commerce Department to intensify a national security investigation into the software, culminating in the current action.
The delay in announcing the prohibition is partly attributed to extensive discussions with Kaspersky, which proposed various mitigating measures as alternatives to an outright ban. However, the agency determined that the risks, particularly the company’s connections to the Russian government, could not be adequately mitigated.
Under the new regulations, sellers and resellers who violate the restrictions will be subject to fines from the Commerce Department. Willful violations of the prohibition could result in criminal charges from the Justice Department. While software users will not face legal penalties, they will be strongly advised to discontinue use of the software.
Kaspersky, with a U.K. holding company and operations in Massachusetts, reported revenue of $752 million in 2022 from over 220,000 corporate clients across approximately 200 countries. Notable customers listed on its website include Italian vehicle manufacturer Piaggio, Volkswagen’s retail division in Spain, and the Qatar Olympic Committee.
COMMENTS