US says Kaspersky poses an unacceptable risk to national security

Kaspersky

The Federal Communications Commission (FCC) has added Russian cybersecurity firm Kaspersky to its Covered List because it poses unacceptable risks to US national security.

Kaspersky’s services covered by this decision include information security products, solutions and services provided by Kaspersky or its affiliates, including subsidiaries or affiliates.

The FCC’s list of national security bans was also expanded to include state-owned Chinese mobile service providers China Mobile International USA and China Telecom Americas.

The decision was made under the requirements of the Secure and Trusted Communications Networks Act of 2019 [PDF]†

According to FCC Commissioner Brendan Carr, their addition to the Covered List means they cannot receive support through the FCC’s Universal Service Fund.

“I am pleased that our national security services agree with my assessment that China Mobile and China Telecom appear to be meeting the threshold required to add these entities to our list,” Carr said. [PDF]†

“Their addition, as well as Kaspersky Labs, will help secure networks against threats from Chinese and Russian state-backed entities seeking to engage in espionage and otherwise harm America’s interests.”

US federal agencies were first ordered to remove Kaspersky products from federal information systems through a Binding Operational Directive (BOD) issued by the Department of Homeland Security in September 2017.

HackerOne suspends Kaspersky’s bug bounty program

Earlier today, HackerOne blocked Kaspersky’s access and suspended its bug bounty program indefinitely.

HackerOne’s decision to disable the Kaspersky bug bounty program follows another blow to the Russian company after Germany’s Federal Office for Information Security, BSI, warned companies against using Kaspersky products.

The BSI suggested that Russian authorities could force the antivirus provider to allow Russian intelligence agencies to carry out cyber attacks on its customers or allow its products to be used for cyber espionage campaigns.

Today’s decision to classify Kaspersky as a national security threat follows previous decisions to ban and revoke China Unicom Americas’ license due to serious national security concerns in January 2022.

The FCC also added Chinese telecommunications companies Huawei, ZTE, Hytera Communications, Hikvision and Dahua to the ban list on March 12, 2021.

Huawei and ZTE were identified as national security threats to the integrity of U.S. communications networks or the communications supply chain in June 2020.

Update: Kaspersky sent the following statement after the article was published:

Kaspersky is disappointed with the Federal Communications Commission’s decision to ban the use of certain telecommunications-related federal subsidies for the purchase of Kaspersky products and services. This decision is not based on any technical assessment of Kaspersky products – which the company constantly advocates – but is instead made on political grounds.

Kaspersky argues that the US government’s 2017 ban on federal entities and federal contractors from using Kaspersky products and services was unconstitutional, based on unsubstantiated allegations and contained no public evidence of wrongdoing by the company. Since there has been no public evidence as of 2017 to otherwise justify these actions, and the FCC announcement specifically refers to the Department of Homeland Security’s determination in 2017 as the basis for today’s decision, Kaspersky believes the expansion of a such bans today on entities receiving FCC telecommunications-related subsidies are also unwarranted and in response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky’s products and services.

Kaspersky will continue to assure its partners and customers of the quality and integrity of its products, and remains willing to work with U.S. government agencies to address concerns from the FCC and other regulatory authorities.

Kaspersky provides industry-leading products and services to customers around the world to protect them from all types of cyber threats, and it has clearly stated that it has no affiliation with any government, including that of Russia. The company believes that transparency and the continued implementation of concrete measures to demonstrate its continued commitment to integrity and reliability to its customers is paramount.

This post US says Kaspersky poses an unacceptable risk to national security

was original published at “https://www.bleepingcomputer.com/news/security/us-says-kaspersky-poses-unacceptable-risk-to-national-security/”