The Department of Homeland Security wants all Kaspersky products off of federal networks within the next 90 days.
The move comes in a new binding operation directive issued Wednesday by Acting Secretary of Homeland Security Elaine Duke, reports CyberScoop’s Patrick Howell O’Neill.
“The BOD calls on departments and agencies to identify any use or presence of Kaspersky products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days from the date of this directive, unless directed otherwise by DHS based on new information, to begin to implement the agency plans to discontinue use and remove the products from information systems,” Homeland Security’s statement reads.
The ban is being justified “based on the information security risks presented by the use of Kaspersky products on federal information systems” and concern over “the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”
Speaking in Washington D.C., White House cybersecurity czar Rob Joyce called Kaspersky “an unacceptable risk” for the U.S. government because, under Russian law, “companies like Kaspersky “must collaborate with the FSB.” He called the ban a “risk-based decision.”