The Federal Communications Commission (FCC) has declared cybersecurity and antivirus provider Kaspersky a threat the national security, with the firm suspected of having close ties to the Russian government.
US government agencies are already forbidden from using Kaspersky products, but this move will usher in its removal from the private sector too.
The news follows the German government’s recent indictment of the security service, with the country’s Federal Office for Information Security fearful that Kaspersky could be weaponized by the Kremlin.
FCC Adds Kaspersky to the Blacklist
The FCC has added Kaspersky to the US government’s list of equipment and services that pose a security threat, covered by Section 2 of the Secure Networks Act.
The list itself is only eight companies long, with China Telecom and China Mobile International also joining Kaspersky on March 25. Kaspersky is the first Russian company to be included by the commission.
“[The addition of China Telecom and China Mobile International] as well as Kaspersky Labs, will help secure our networks from threats posed by Chinese and Russian state-backed entities” – Brendan Carr, Office of Commissioner (FCC).
Other companies that make the list include Chinese firms Huawei, ZTE, Hytera, Hikvision, and Dahua Technology, all of whom were added on March 12, 2021
Kaspersky Denies All Wrong Doing
Kaspersky – which is headquartered in Moscow – has strenuously denied claims that they cooperate with the Kremlin on issues of cyber-warfare and espionage.
“Kaspersky is disappointed with the decision by the Federal Communications Commission (FCC) to prohibit certain telecommunications-related federal subsidies from being used to purchase Kaspersky products and services” – Kaspersky.
The company said in a statement the decision was “not based on any technical assessment of Kaspersky products”, claiming instead that it was “being made on political grounds.”
This is effectively the same position that Kaspersky took after a Binding Operational Directive issued by the Department of Homeland Security in 2017 – which Kaspersky said was “unconstitutional” – banned federal departments from using the firm’s products.
After the ban, the company will be unable to access the FCC’s $8 billion Universal Service Fund, which is used to maintain services to low-income families and those that live in rural areas.
Kaspersky and the Kremlin: Cooperation or Conspiracy?
Precisely how close Kaspersky is to the Russian government – if at all – is hard to determine. According to Cybernews, a lot of state-owned entities – News agencies TASS and Russia Today, as well as GazpromBank – are protected by Kaspersky labs.
What’s more, in March – just days after the Russian invasion of Ukraine – a cybersecurity researcher claimed on Twitter that Russias’s Ministry of Defence was being hosted on Kaspersky's infrastructure.
You wouldn’t guess it from the Moscow headquarters, but all of the company’s data infrastructure is actually based in Switzerland whilst the company’s holding is registered in the UK.
The company denied this and instead claimed the Russian MoD uses Kaspersky’s DDoS Protection, as do many other companies in Russia and beyond – and further clarified that no government authority has access to the company’s infrastructure.
You wouldn’t guess it from the Moscow headquarters, but all of the company’s data infrastructure is actually based in Switzerland whilst the company’s holding is registered in the UK. overall, Kaspersky operated in 200 countries.
There have prior been concerns raised about the company’s founder, Eugene Kaspersky – according to a Foreign Policy article from 2012, Eugene Kaspersky “was educated at a technical school sponsored by the KGB, and he spent time working for the Russian military.”
But Mr. Kapsersky has, similarly to the company, always maintained his innocence – he claimed in 2017 that a request from the Russian government to carry out espionage on its behalf would result in him moving the antivirus provider out of the country.
Secure Your Network
Whether you have Kaspersky or another type of antivirus software protecting your company network, now is the time to review what you've got and what you might need considering the increasing frequency of damaging cyber attacks.
Keeping your software up-to-date and ensuring you always have the latest, cutting-edge protection are both good principles to live by, but reviewing the reputability of the provider you trust to ensure the safety of your business is also advised.
If you're struggling to find detailed information on your provider – or any provider's – security record, ask them if they produce transparency reports and where they publish them.