The US has announced plans to ban the sale of antivirus software made by Russian firm Kaspersky due to its alleged links to the Kremlin.
Moscow’s influence over the company was found to pose a significant risk to US infrastructure and services, Commerce Secretary Gina Raimondo said last Thursday.
The US was compelled to take this action due to Russia’s “capacity and intent to collect and weaponize the personal information of Americans”.
“Kaspersky will generally no longer be able to, among other activities, sell its software within the United States or provide updates to software already in use,” the Commerce Department said.
Today’s Final Determination and Entity Listing are the result of a lengthy and thorough investigation, which found that the company’s continued operations in the United States presented a national security risk—due to the Russian Government’s offensive cyber capabilities and capacity to influence or direct Kaspersky’s operations—that could not be addressed through mitigation measures short of a total prohibition.
Individuals and businesses that utilize Kaspersky software are strongly encouraged to expeditiously transition to new vendors to limit exposure of personal or other sensitive data to malign actors due to a potential lack of cybersecurity coverage. Individuals and businesses that continue to use existing Kaspersky products and services will not face legal penalties under the Final Determination. However, any individual or business that continues to use Kaspersky products and services assumes all the cybersecurity and associated risks of doing so.
In order to minimize disruption to U.S. consumers and businesses and to give them time to find suitable alternatives, the Department’s determination will allow Kaspersky to continue certain operations in the United States—including providing anti-virus signature updates and codebase updates—until 12:00AM Eastern Daylight Time (EDT) on September 29, 2024.
The ban uses broad powers created by the Trump administration to ban or restrict transactions between US firms and tech companies from “foreign adversary” nations like Russia and China. The ban will effectively bar downloads of software updates, resales and licensing of the product as of September 29th, 2024 and new business will be restricted within 30 days of the announcement. Sellers and resellers who violate the restrictions will face fines from the Commerce Department.
Kaspersky said it intends to pursue “all legally available options” to fight the ban, and denied it engaged in any activity that threatened US security.
The Commerce Department will also list two Russian and one UK-based unit of Kaspersky for allegedly cooperating with Russian military intelligence.
The company has long been a target for US regulators. In 2017, the Department of Homeland Security banned its flagship antivirus product from federal networks, alleging ties to Russian intelligence.
While the multinational firm is headquartered in Moscow, it has offices in 31 countries around the world, servicing more than 400 million users and 270,000 corporate clients in more than 200 countries, the Commerce Department said.
The number of customers affected in the US is classified business data. However, a Commerce Department official was quoted as saying that it was a “significant number” and included state and local governments and companies that supply telecommunications, power, and healthcare. We can expect to see other nations follow our lead in banning Kaspersky.
Deliver David's Tech Talk to my inbox
We'll send David's weekly Tech Talk to your inbox - including the MP3 of the actual radio spot. You'll never miss a valuable tip again!