The Commerce Department said on June 20 that its Bureau of Industry and Security (BIS) has banned sales in the U.S. of a range of cybersecurity products and services sold by Russia-based Kaspersky Lab, Inc., with the agency saying their use poses a national security threat.
The ban on U.S. sales follows action in 2017 by the Department of Homeland Security to ban the use of Kaspersky-branded products by Federal government agencies in their information systems, and subsequent action by Congress to cement that prohibition into Federal law.
The Commerce Department said its action this week prohibits “Kaspersky Lab, Inc., the U.S. subsidiary of a Russia-based anti-virus software and cybersecurity company, from directly or indirectly providing anti-virus software and cybersecurity products or services in the United States or to U.S. persons.”
“This action is the first of its kind and is the first Final Determination issued by BIS’s Office of Information and Communications Technology and Services (OICTS), whose mission is to investigate whether certain information and communications technology or services transactions in the United States pose an undue or unacceptable national security risk,” the Commerce Department said, adding, “Kaspersky will generally no longer be able to, among other activities, sell its software within the United States or provide updates to software already in use.”
This week’s action, the Commerce Department said, is “the result of a lengthy and thorough investigation, which found that the company’s continued operations in the United States presented a national security risk – due to the Russian Government’s offensive cyber capabilities and capacity to influence or direct Kaspersky’s operations – that could not be addressed through mitigation measures short of a total prohibition.”
The agency urged “individuals and businesses that utilize Kaspersky software … to expeditiously transition to new vendors to limit exposure of personal or other sensitive data to malign actors due to a potential lack of cybersecurity coverage.” To minimize disruptions to current users, Kaspersky will be allowed to continue providing anti-virus signature updates and codebase updates through Sept. 29.
“The Biden-Harris Administration is committed to a whole-of-government approach to protect our national security and out-innovate our adversaries,” commented Commerce Secretary Gina Raimondo.
“Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive U.S. information, and we will continue to use every tool at our disposal to safeguard U.S. national security and the American people,” she said.
