The Trump administration has discouraged government agencies from using a leading Russian cybersecurity firm’s software amid fears that the firm’s products could serve as a Trojan horse for the Kremlin’s hackers.

The General Services Administration said Tuesday that it had removed Kaspersky Lab from the approved list of vendors for two government-wide purchasing contracts that agencies use to acquire technology services.

“GSA’s priorities are to ensure the integrity and security of U.S. government systems and networks and evaluate products and services available on our contracts using supply chain risk management processes,” Donna Garland, a GSA spokeswoman, told POLITICO.

Agencies can still buy Kaspersky software outside the GSA contracts, but the process is more complex, and GSA’s decision signaled a desire on the part of the administration to discourage the use of Kaspersky products.

Kaspersky has vehemently denied any connection to the Russian government, and strenuously objected to suggestions the Kremlin could use its products to spy on its American customers.

In a statement, the company said it “has no ties to any government” and “has never helped, nor will help, any government in the world with its cyberespionage efforts.”

“Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations,” the company told POLITICO.

ABC News first reported Tuesday morning that the administration was considering blocking agencies from using Kaspersky software.

U.S. law enforcement and intelligence agencies have spent months investigating the possibility that Moscow could leverage its regulation of Russian companies to piggyback on Kaspersky products and breach American networks.

The Department of Homeland Security issued a secret report on Kaspersky in February, and the FBI has interviewed Kaspersky’s U.S. employees at their homes, according to ABC.

The Senate Intelligence Committee has also asked the Justice Department and the Office of the Director of National Intelligence — which oversees all intelligence agencies — to investigate the matter, ABC said. Committee lawmakers were briefed on the matter in late May, and Senate lawmakers recently added a provision to the annual defense policy bill that would bar the Pentagon from installing Kaspersky software.

Government leaders are particularly sensitive to Russia’s cyber menace in light of recent allegations that Moscow has deployed its hackers to infiltrate networks operating America’s critical infrastructure, including the power grid and election-related systems. The Kremlin has also been accused of orchestrating breaches at numerous government agencies, such as the State Department, White House and Pentagon.

Bloomberg reported Tuesday that Kaspersky had a close relationship with Russia’s Federal Security Service, or FSB, one of the two intelligence agencies that allegedly participated in the 2016 election cyberattacks. “It has developed security technology at the spy agency’s behest,” Bloomberg said, “and worked on joint projects the CEO knew would be embarrassing if made public.”

GSA said it had removed Kaspersky from the list of approved vendors in the agency’s Schedule 67 and Schedule 70 contracts, which cover digital imagery and IT services, respectively.

The ODNI declined to comment and the FBI did not immediately respond to a request for comment.

Source: http://www.politico.com/story/2017/07/11/trump-russian-security-software-240423

Advertisements