At the end of last August, news coverage honed in on the FBI’s digging into Kaspersky Labs and its concerns over ties to Russia. The federal government then began taking action to remove Kaspersky from its list of approved vendors for government vendors. Kaspersky adamantly denied any inappropriate association with Russia. Some US officials were not pleased with the pressure they felt to follow suit in abandoning use of Kaspersky products, particularly without any hard proof of the allegations.
In August, Willy Leichter, vice president of marketing at Virsec, based in San Jose, Calif., told Search Security that given the high stakes in the Kaspersky-Russia investigation, "the FBI should be more cautious and transparent if there is hard evidence."
Today, two weeks later, a directive from the US Department of Homeland Security (DHS) has been released that increases their actions to a full-fledged ban on Kaspersky products, giving all federal agencies three months to locate and remove Kaspersky software products from their systems. The DHS expressed concern about Russian officials being able to apply pressure on Kaspersky to supply information it may become privy to in the process of provide its products and services, whether or not Kaspersky were in cooperation with any such intentions.
Kaspersky continues to deny such possibilities and expressed dismay at this decision but it intends to fight back and provide information to verify they have no nefarious involvement with Russia.
Willy Leichter told SC Magazine today that "In today's geopolitical environment, this step was probably inevitable. Whether you trust Kaspersky or not, it's impossible to prove a negative – that they weren't collaborating with the Russian government, especially because by its nature, this type of collaboration would be kept secret.
He also added, “But hopefully cooler heads will prevail before this becomes a Cold War-style commercial sanctions battle," said Leichter. "Further Balkanizing the internet runs contrary to the global cooperation needed to make cyber security successful."