Biden Bans Kaspersky Software Sales Over Russia Ties

On Thursday, Commerce Secretary Gina Raimondo said that Russia’s influence over Kaspersky Lab posed a substantial security concern, thus the Biden administration will ban its software sales

According to a source, the software’s privileged access to a computer’s systems could enable it to steal sensitive information from American computers, install malware, and withhold critical updates, thereby strengthening the threat.

The source also mentioned that Kaspersky’s customers include state and local governments and critical infrastructure providers.

“Russia has shown it has the capacity and … the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans, and that is why we are compelled to take the action that we are taking today,” Raimondo stated during a briefing call with reporters.

Kaspersky stated that the U.S. decision was predicated on “the current geopolitical climate and theoretical concerns” rather than a thorough assessment of the integrity of Kaspersky’s products and services.

Kaspersky emphasized in an email that its operations were not jeopardizing U.S. national security and that it would pursue legal means to maintain them.

The Russian Embassy should have been sent to requests for comment. Kaspersky has previously stated that it is a privately owned company with no affiliations to the Russian government.

Raimondo stated that the sweeping new rule could damage the company’s reputation and would be accompanied by an additional action to add three units to a trade restriction list.

This action will be taken with the extensive powers established by former President Donald Trump’s administration, which could significantly impact Kaspersky’s overseas sales.

Reuters was the first to report on the intention to include the cybersecurity company in the entity list, which effectively prohibits a company’s U.S. suppliers from selling to it. Additionally, the timing and specifics of the software sales prohibition were disclosed.

The Biden administration’s actions demonstrate its efforts to eliminate any potential risks of Russian cyberattacks that may result from Kaspersky software and to continue to exert pressure on Moscow, as the war effort in Ukraine has regained momentum and the United States has exhausted its supply of new sanctions that it can impose on Russia.

It also demonstrates that the administration utilizes a potent new authority to prohibit or restrict transactions between U.S. firms and internet, telecommunications, and technology companies from “foreign adversary” nations such as China and Russia.

“It is absurd to believe that we would continue to permit the sale of Russian software to Americans, given that we would never grant an adversarial nation access to our networks or devices,” stated Democratic Senator Mark Warner, the head of the Senate Intelligence Committee.

The new restrictions on inbound sales of Kaspersky software, which will also prohibit downloads of software updates, resales, and product licensing, will be implemented on Sept. 29, 100 days after publication.

This transition period is intended to allow businesses to identify alternative solutions. Kaspersky will be prohibited from conducting new business in the United States for 30 days following the announcement of the restrictions.

The source also stated that the Commerce Department will notify companies before taking enforcement action against them, and sales of white-labeled products, which integrate Kaspersky into software sold under a different brand name, will also be prohibited.

The Commerce Department will also designate two Russian and one UK-based Kaspersky units for allegedly collaborating with Russian military intelligence to support Moscow’s cyber intelligence objectives.

Kaspersky’s Russian business is already subject to extensive U.S. export restrictions as a result of Moscow’s invasion of Ukraine. However, its UK-based unit will now be effectively prohibited from receiving products from American suppliers.

INCREASING PRESSURE

Kaspersky has been the subject of regulatory scrutiny for an extended period. In 2017, the Department of Homeland Security prohibited using its primary antivirus product on federal networks, citing allegations of collaboration with Russian intelligence. Under Russian law, intelligence agencies can compel Kaspersky’s assistance and intercept communications through Russian networks.

Media reports from the time suggested that Kaspersky Lab was involved in the theft of hacking tools from a National Security Agency employee, which ultimately wound up in the hands of the Russian government.

In response, Kaspersky stated that it had discovered the code but claimed that no third parties had observed it.

The company’s U.S. business was subjected to increased pressure following Moscow’s action against Kyiv. Some American companies were privately advised by the U.S. government the day following the Russian invasion of Ukraine in February 2022 that Moscow could manipulate software developed by Kaspersky to cause injury, according to Reuters.

The conflict also prompted the Commerce Department to intensify a national security investigation into the software, culminating in the action taken on Thursday, as first reported by Reuters.

The source also stated that sellers and resellers who violate the new regulations will be subject to penalties from the Commerce Department.

The Justice Department can file a criminal case against an individual who willfully violates the prohibition. Software users will not be subject to legal penalties but will be strongly advised to discontinue their use.

In a corporate profile, Kaspersky, a British holding company operating in Massachusetts, reported that it generated revenue of $752 million in 2022 from more than 220,000 corporate clients in approximately 200 countries.

Volkswagen’s (VOWG_p.DE) retail division in Spain, the Qatar Olympic Committee, and Italian vehicle manufacturer Piaggio (PIA.MI) are among the clients listed on its website.