Biden administration bans Kaspersky Lab products in US

The Biden administration announced Thursday a ban on using Kaspersky Lab's antivirus software and cybersecurity products or services in the United States as part of a "first of its kind" move due to the vendor's ties with the Russian government.

The ban came via the Department of Commerce's Bureau of Industry and Security (BIS), which said in the announcement that going forward it will prevent Kaspersky Lab and other connected Kaspersky entities "from directly or indirectly providing anti-virus software and cybersecurity products or services in the United States or to U.S. persons." It will also be prevented from updating software already in use once the ban takes effect on Sept. 29 at 12 a.m. Eastern time.

BIS also added three Kaspersky entities -- Russia's Kaspersky Lab and OOO Kaspersky Group, as well as the U.K.'s Kaspersky Labs -- to its Entity List "for their cooperation with Russian military and intelligence authorities in support of the Russian Government’s cyber intelligence objectives."

The Commerce Department did not cite any specific wrongdoing or illegal activity on Kaspersky's part. Instead, the agency pointed the finger at the Russian government.

"Today's Final Determination and Entity Listing are the result of a lengthy and thorough investigation, which found that the company's continued operations in the United States presented a national security risk -- due to the Russian Government's offensive cyber capabilities and capacity to influence or direct Kaspersky's operations -- that could not be addressed through mitigation measures short of a total prohibition," the announcement read.

Secretary of Commerce Gina Raimondo added in the statement that the Biden-Harris administration "is committed to a whole-of-government approach to protect our national security and out-innovate our adversaries.

"Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive U.S. information, and we will continue to use every tool at our disposal to safeguard U.S. national security and the American people," she said. "Today's action, our first use of the Commerce Department's ICTS authorities, demonstrates Commerce's role in support of our national defense and shows our adversaries we will not hesitate to act when … their technology poses a risk to United States and its citizens."

Kaspersky responded with a lengthy statement published on its website in which the company said the announcement does not affect Kaspersky's ability to sell and promote cyber threat intelligence offerings and trainings within the U.S. Furthermore, it slammed the decision and said the primary benefactor of the move, which will disrupt cybersecurity protections for existing customers, will be cybercriminals.

"Despite proposing a system in which the security of Kaspersky products could have been independently verified by a trusted 3rd party, Kaspersky believes that the Department of Commerce made its decision based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky's products and services," Kaspersky said.

"Kaspersky does not engage in activities which threaten U.S. national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted U.S. interests and allies. The company intends to pursue all legally available options to preserve its current operations and relationships."

The prohibition on Kaspersky products may be the first of its kind in the U.S., but the company's supposed ties to the Kremlin have long been under scrutiny. In 2018, the European Union instituted its own Kaspersky ban, leading the vendor to cut ties with Europol. And in 2017, the Department of Homeland Security instructed federal entities to remove Kaspersky-branded products from their networks.

Alexander Culafi is a senior information security news writer and podcast host for TechTarget Editorial.