The Biden administration announced plans Thursday to ban the sale of antivirus software made by Russia’s Kaspersky Lab in the United States, citing the firm’s large American customers, including critical infrastructure providers and state and local governments.
Moscow’s influence over the company was found to pose a significant risk, Commerce Secretary Gina Raimondo said in a briefing call with reporters Thursday. The software’s privileged access to a computer’s systems could allow it to steal sensitive information from US computers or install malware and block critical updates, increasing the threat, one source added.
“Russia has shown that it has the capacity and intent to use Russian companies like Kaspersky to collect and weaponize Americans’ personal information, and that’s why we’re forced to take the actions we’re taking today,” Raimondo said. The call.
Kaspersky Lab and the Russian Embassy did not respond to requests for comment. Previously, Kaspersky has said that it is a privately managed company and has no ties to the Russian government.
The sweeping new rule, using broad powers created by the Trump administration, will be accompanied by another move to add three of the company’s units to a list of trade restrictions, Raimondo said, dealing a blow to the firm’s reputation. which could hurt its overseas sales.
The plan to add the cybersecurity company to the entity list, which effectively bars a company’s US suppliers from selling to it, and the timing and details of the software sales ban were first reported by Reuters.
The moves show the Biden administration is trying to eliminate any risk of Russian cyberattacks stemming from Kaspersky software and continue to clamp down on Moscow as its war effort in Ukraine regains momentum and as the United States ends new sanctions that could decide against Russia.
It also shows that the administration is using a powerful new authority that allows it to ban or limit transactions between US firms and internet, telecom and technology companies from “foreign adversary” countries such as Russia and China.
“We would never give an adversary nation the keys to our networks or equipment, so it is crazy to think that we would continue to allow Russian software with the deepest possible access to equipment to be sold to Americans,” said Democratic Sen. Mark Warner, chairman of the Senate Intelligence Committee.
The new restrictions on inbound sales of Kaspersky software, which will also ban downloads of software updates, resale and licensing of the product, begin on September 29, 100 days after release, to give businesses time to find alternatives. New US business for Kaspersky will be blocked 30 days after the restrictions are announced.
Sales of white-label products — which integrate Kaspersky into software sold under a different brand name — will also be banned, the source said, adding that the Commerce Department will notify the companies before taking enforcement action against them.
The Commerce Department will also list two Russian and one UK-based Kaspersky unit for allegedly cooperating with Russian military intelligence to support Moscow’s cyber-intelligence goals.
Kaspersky’s Russian business is already subject to comprehensive US export restrictions due to Moscow’s occupation of Ukraine. But its UK-based unit will now effectively be banned from receiving goods from US suppliers.
Kaspersky has long been in the crosshairs of regulators. In 2017, the Department of Homeland Security banned its flagship antivirus product from federal networks, alleging ties to Russian intelligence and noting that Russian law allows intelligence agencies to compel assistance from Kaspersky and intercept communications using the networks. Russian.
Media reports at the time alleged that Kaspersky Lab was involved in obtaining hacking tools from a National Security Agency employee that ended up in the hands of the Russian government. Kaspersky responded by saying it had stumbled upon the code, but said no third party had seen it.
Pressure on the company’s business in the US increased after Moscow’s move against Kiev. The US government privately warned several US companies a day after Russia invaded Ukraine in February 2022 that Moscow could manipulate software created by Kaspersky to cause harm, Reuters reported.
The fight also prompted the Commerce Department to launch a national security investigation into the software, first reported by Reuters, which resulted in Thursday’s action.
Under the new rules, sellers and resellers who violate the restrictions will face fines from the Commerce Department, the source added. If someone willfully violates the ban, the Department of Justice can file a criminal case. Users of the software will not face legal penalties, but will be strongly encouraged to stop using it.
Kaspersky, which has a British holding company and operates in Massachusetts, said in a corporate profile that it generated revenue of $752 million in 2022 from more than 220,000 corporate customers in about 200 countries. Its website lists Italian automaker Piaggio, Volkswagen’s retail division in Spain and the Qatar Olympic Committee among its clients.