Lawmakers Rethink Federal Use of Kaspersky Lab Products

Congressional lawmakers and federal agencies are reevaluating the federal government’s relationship with Moscow-based cybersecurity firm Kaspersky Lab over concerns about the company’s ties with Russian intelligence services.

The House Science, Space, and Technology Committee sent letters to 22 U.S. government agencies July 27 asking them to turn over any documents and information they have on Kaspersky Lab and disclose whether they utilize the company’s software.

“The Committee is concerned that Kaspersky Lab is susceptible to manipulation by the Russian government, and that its products could be used as a tool for espionage, sabotage, or other nefarious activities against the United States,” Committee Chairman Lamar Smith (R-Texas) wrote in the letter.

The move comes amid growing friction between the United States and Russia on a number of fronts. Congressional intelligence committees are probing Russia’s purported meddling in the 2016 presidential campaign. A Justice Department investigation led by former FBI Director Robert Mueller is charged with examining similar ground.

Kaspersky Lab founder and CEO Eugene Kaspersky, who has denied that his antivirus company has connections to Russian intelligence, participated in a May 11 Reddit Ask Me Anything forum and said his company was being targeted “due to political reasons.” He added that he would be happy to “testify in front of the Senate, to participate in the hearings and to answer any questions they would decide to ask me.”

Kaspersky’s comments came after intelligence officials said during a Senate Intelligence Committee hearing held the same day that they would not be comfortable using Kaspersky products.

During a June 15 House Science subcommittee hearing on bolstering the federal government’s cybersecurity efforts, Clay Higgins — a freshman Republican from Louisiana — said the committee should take Kaspersky up on his offer to testify before Congress.

Higgins said in a July 13 interview that he stood by his position that Kaspersky “should be subpoenaed or voluntarily present himself to Congress for interview.”

“I think Mr. Kaspersky made that statement quite flippantly some time ago, but recently and to their credit, our executive branch has taken actions to remove them from approved lists of vendors and to sort of exorcise them from within the parameters of the American government,” Higgins added.

Reuters reported that the Trump administration removed Kaspersky Lab from the U.S. General Services Administration’s list of approved vendors for federal agencies July 11.

Higgins said that GSA’s move was a positive step “to stop the bleeding and address this thing,” but added that he remains concerned about what else is going to be discovered moving forward.

“The suspicions of Kaspersky cybersecurity software being used as a means by which to access systems has been widely spoken of,” Higgins noted. “You talk to guys who have been in the cybersecurity business, it’s just sort of a common thing. Those guys will not have the Kaspersky cybersecurity systems on their own devices.”

A House Science Committee spokesperson said that the investigation into the antivirus company is ongoing.

“At this point, the chairman has just begun his oversight,” the spokesperson said. “He is looking forward to hearing back from the agencies and will make appropriate decisions on next steps from there.”

Senate lawmakers are working to limit the Department of Defense’s reliance on Kaspersky Lab products through the 2018 National Defense Authorization Act.

An amendment offered by Sen. Jeanne Shaheen (D-N.H.) to the defense authorization bill would prohibit the Defense Department from utilizing “any software platform developed, in whole or in part, by Kaspersky Lab or any entity of which Kaspersky Lab has a majority ownership.” Debate on the Senate’s NDAA bill could begin after senators return from August recess.