The US Federal Communications Commission (FCC) added Kaspersky antivirus to their list of “security risks”. The addition was due to potential ties with Russian intelligence. This has led to a number of US companies and agencies discontinuing use of the software, citing concerns over cybersecurity.
On March 25th the FCC added AO Kaspersky Lab, China Telecom (Americas) Corp, and China Mobile International USA Inc. to their list of security risks. The FCC press release explains that all three companies’ services “pose substantial and unacceptable risks to U.S. national security”.
These additions were made following a March 15th statement from Germany’s Federal Office for Information Security (BSI). The BSI release recommends users of the Russian antivirus Kaspersky to replace the software with alternate products. BSI also points to the importance of thorough consideration and consulting with certified cybersecurity IT service providers.
Previous Cybersecurity Controversy
This isn’t the first time that Kaspersky has come under fire for its alleged links to the Russian government. In 2017, reports emerged that hackers working for the Russian military intelligence service used Kaspersky software to steal sensitive information from the home computer of an American National Security Agency (NSA) contractor.
Initial reports, namely a Wallstreet Journal report, pointed the blame squarely on the cybersecurity company. Further investigation determined that Russian hackers used a malware version of the Kaspersky software initially downloaded years prior.
The announcement by the FCC prohibits the use of any federal funds to purchase Kaspersky products. The report also points back to the 2017 NSA incident. This incident led to federal agencies removing Kaspersky software from all devices.
Response and Political Influences
Kaspersky denied any connection to Russian intelligence in their March 25th press release, for recent claims as well as the 2017 NSA incident. The report also references the Russian invasion of Ukraine as influencing the FCC’s decision.
Kaspersky states the decision is “unsubstantiated and is a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky’s products and services.” However, the allegations have sparked a larger conversation about cybersecurity. The conversation is circulating around risks posed by foreign governments.
The influence of anti-Russian sentiment in regards to the ongoing war cannot be denied. In fact, the BSI does not point to the efficacy of Kaspersky software as the major concern. Rather, they note the nature of antivirus programs requiring high levels of access, and widespread use by government officials.
The BSI’s major concern is the Russian-Ukraine war potentially influencing the company’s operations. “A Russian IT manufacturer can carry out offensive operations itself, be forced to attack target systems against its will, or be spied on without its knowledge as a victim of a cyber operation, or be misused as a tool for attacks against its own customers.”
Despite concerns, many experts believe Kaspersky is a quality antivirus software and the risks posed by Russian intelligence are overblown. However, the future of the company remains uncertain as more US companies and agencies sever ties. This instability is never something major corporations want to face with their vendors, especially with their sensitive information at risk.
Even if the company is viable as a secure antivirus software provider, will they survive the influence of the US and German security governing bodies? Should companies consider moving their software over in preparation for an eventual collapse of Kaspersky?
As with any question surrounding business and cybersecurity, following experts’ advice is essential. Businesses should consider the potential eventuality of Kaspersky going under, or compromise by the Russian government.
Suspicions around the company and their intentions have resurfaced since the 2017 NSA scandal. Based on Kaspersky’s track record and further evaluations of the software this may point to unfounded emotional responses rather than fact-based suspicion.
However, disregarding the influence of the current war, and the overstepping the invading Russian government has already done would be unwise. Even if the company itself is perfectly safe, the governing body Kaspersky has the misfortune to be operating under may further compromise the company’s future as a leader in cybersecurity.
At this point, it’s best to exercise caution and follow national security governance. Avoid using Kaspersky software until more is known about the company’s ties to the Russian government. Whichever decision companies make, they must ensure safety and caution while migrating to the use of alternate security products.