Capitol Hill

Lawmaker wants to know which agencies are using Kaspersky software

The United States House Science, Space and Technology Committee Chairman Lamar Smith, R-Texas, has requested a thorough investigation into Kaspersky Lab. The Moscow headquartered cybersecurity company has serviced about 400 million users worldwide — including a number of agencies and entities from the United States government — and there are concerns the company is susceptible to manipulation by the Russian government.

In the wake of the alleged Russian interference in the 2016 election, several articles have been published recently about the company and its founder and CEO Eugene Kaspersky and potential ties to Russian government. As far back as 2015, there have been reports that Kaspersky had “close ties to Russian spies” and even engaged in “sabotage” targeting the U.S. cybersecurity market, according to the letter Smith sent to a number of federal agencies.

A Kaspersky employee shuffles tokens around a table-top display at the company's stand at a cybersecurity conference in Lille, northern France, Wednesday, Jan. 25, 2017. Kaspersky on Wednesday confirmed that a senior manager at the firm had been arrested in Moscow. (AP Photo/Raphael Satter)
US government backing away from Russia-based Kaspersky Labs

The fate of Kaspersky Labs within the U.S. government appears to be in a death spiral as fresh reports seem to link the Russian cybersecurity company directly to Russian government intelligence and security agencies, a long founded claim disavowed by the company’s chief.

These concerns have given Smith — whose committee has jurisdiction over the National Institute of Standards and Technology and the NIST Cybersecurity Framework to safeguard the nation’s critical data — reason to ask for all agency documents and communications relating to Kaspersky Lab products and a complete list of federal information systems and contractors using Kaspersky services from 2013 to present.

According to the letter, anti-virus software is more powerful than sometimes acknowledged. The software has permissions that allow it to operate without being monitored, allowing compromised software the potential to corrupt an entire system. Information gathered from the SST Committee request will help determine if NIST standards and guidelines should be refined in response to threats from this vector.

All documents and information are requested to be submitted as soon as possible, but no later than Aug. 11, 2017.

Recommended for you
Around The Web