Russian cybersecurity software firm Kaspersky’s days of operating in the United States are now officially numbered.
The Biden administration said Thursday it is barring the company from selling its products to new US-based customers starting July 20, with the company allowed to provide software updates to existing customers until September 29. The ban is the first such action under the authority given to the Commerce Department in 2019—following years of warnings from the US intelligence community that Kaspersky is a national security threat because Moscow can allegedly commandeer its comprehensive antivirus software to spy its customers.
“When you think about national security, you might think about guns and tanks and missiles,” Commerce Secretary Gina Raimondo told reporters during a briefing Thursday. “But the truth is, more and more, it’s about technology, it’s about dual-use technology, and it’s about data.”
The United States conducted an “extremely thorough” investigation of Kaspersky and explored “every option” to mitigate its risks, Raimondo said, but officials settled on a blanket ban “given the ongoing cyber offensive capabilities of the Russian government and the capacity to influence Kasersky’s operations.”
The Kaspersky ban represents the latest rift in US-Russia relations as the latter country remains locked in a brutal war with Ukraine and takes other steps to threaten Western democracies, including testing an anti-satellite weapon with nuclear power and the formation of a strategic alliance. with North Korea. But the ban could also immediately complicate business operations for US companies using Kaspersky software, which will lose updated antivirus definitions critical to blocking malware in just three months.
The Biden administration knows roughly how many customers Kaspersky has in the U.S., but government lawyers have determined that information is proprietary business data and cannot be released, according to a Commerce Department official who briefed reporters on the terms of the release. anonymity to discuss a sensitive issue. matter. The official said the “significant number” of US customers include state and local governments and organizations that supply critical infrastructure such as telecommunications, energy and health care.
Raimondo had a message for Kaspersky customers in the US on Thursday: “You have done nothing wrong and are not subject to any criminal or civil penalties. However, I would encourage you, in the strongest possible terms, to stop using that software immediately and switch to an alternative to protect yourself, your data and your family.”
Commerce will work with the Departments of Homeland Security and Justice to “get this message out” and “ensure a smooth transition,” including a website explaining the ban, Raimondo said. “We certainly don’t want to disrupt any American’s business or families.”
DHS’s Cybersecurity and Infrastructure Security Agency will contact critical infrastructure organizations that use Kaspersky to inform them of the suspected national security risks and “help them identify alternatives,” the Department official said. of Trade.
Kaspersky has consistently denied being a national security risk or an agent of the Kremlin. The company did not immediately respond to a request for comment about the new nationwide ban. But given Kaspersky’s past use of litigation to defend itself, Thursday’s announcement could prompt another lawsuit that puts a high legal test of Commerce’s national security powers.