The Biden administration on June 20 announced plans to bar the sale of antivirus software made by Russia's Kaspersky Lab in the United States, citing the firm's large U.S. customers, including critical infrastructure providers and state and local governments.
Moscow's influence over the company was found to pose a significant risk, Commerce Secretary Gina Raimondo said on a briefing call with reporters on Thursday. The software's privileged access to a computer's systems could allow it to steal sensitive information from American computers or install malware and withhold critical updates, enhancing the threat, a source added.
Also read | Is Kaspersky a geopolitical pawn?
"Russia has shown it has the capacity and... the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans and that is why we are compelled to take the action that we are taking today," Raimondo said on the call.
Kaspersky Lab and the Russian Embassy did not respond to requests for comment. Previously, Kaspersky has said that it is a privately managed company with no ties to the Russian government.
The sweeping new rule, using broad powers created by the Trump administration, will be coupled with another move to add three units of the company to a trade restriction list, Raimondo said, dealing a blow to the firm's reputation that could hammer its overseas sales.
The plan to add the cybersecurity company to the entity list, which effectively bars a company's U.S. suppliers from selling to it, and the timing and details of the software sales prohibition were first reported by Reuters.
The moves show the Biden administration is trying to stamp out any risks of Russian cyberattacks stemming from Kaspersky software and keep squeezing Moscow as its war effort in Ukraine has regained momentum and as the United States has run low on fresh sanctions it can impose on Russia.
It also shows the administration is harnessing a powerful new authority that allows it to ban or restrict transactions between U.S. firms and internet, telecom and tech companies from "foreign adversary" nations like Russia and China.
The tools are largely untested.
Former President Donald Trump used them to try to bar Americans from using Chinese social media platforms TikTok and WeChat, but federal courts halted the moves.
The new restrictions on inbound sales of Kaspersky software, which will also bar downloads of software updates, resales and licensing of the product, kick in on Sept. 29, 100 days after publication, to give businesses time to find alternatives. New U.S. business for Kaspersky will be blocked 30 days after the restrictions are announced.
Sales of white-labeled products — that integrate Kaspersky into software sold under a different brand name — will also be barred, the source said, adding that the Commerce Department will notify companies before taking enforcement action against them.
The Commerce Department will also entity list two Russian and one UK-based unit of Kaspersky for allegedly cooperating with Russian military intelligence to support Moscow's cyber intelligence goals.
Kaspersky's Russian business is already subject to sweeping U.S. export restrictions over Moscow's invasion of Ukraine. But its UK-based unit will now be effectively barred from receiving goods from American suppliers.
GROWING PRESSURE
Kaspersky has long been in regulators' crosshairs. In 2017, the Department of Homeland Security banned its flagship antivirus product from federal networks, alleging ties to Russian intelligence and noting Russian law lets intelligence agencies compel assistance from Kaspersky and intercept communications using Russian networks.
Media reports at the time alleged Kaspersky Lab was involved in taking hacking tools from a National Security Agency employee that ended up in the hands of the Russian government. Kaspersky responded by saying it had stumbled upon the code but said no third parties saw it.
Pressure on the company's U.S. business grew after Moscow's move against Kyiv. The U.S. government privately warned some American companies the day after Russia invaded Ukraine in February 2022 that Moscow could manipulate software designed by Kaspersky to cause harm, Reuters reported.
The war also prompted the Commerce Department to ramp up a national security probe into the software, first reported by Reuters, that resulted in Thursday's action.
The delayed unveiling of the prohibition is due in part to a "significant back and forth" with Kaspersky, which proposed mitigating measures instead of an outright ban, the source said.
However, the agency concluded that the threats, especially the ties to the Russian government, meant "there really were no mitigating measures that could be implemented to address those risks."
Under the new rules, sellers and resellers who violate the restrictions will face fines from the Commerce Department, the source added. If someone willfully violates the prohibition, the Justice Department can bring a criminal case. Software users will not face legal penalties but will be strongly encouraged to stop using it.
Kaspersky, which has a British holding company and operations in Massachusetts, said in a corporate profile that it generated revenue of $752 million in 2022 from more than 220,000 corporate clients in some 200 countries. Its website lists Italian vehicle maker Piaggio, Volkswagen's retail division in Spain and the Qatar Olympic Committee among its customers.
Published - June 21, 2024 06:14 am IST