10 Things Partners Need To Know About Government Allegations Against Kaspersky Lab
Update On Key Events
The past few months have seen a saga unfolding between security vendor Kaspersky Lab and the federal government. The federal government has moved to block sales of the Moscow-based security vendor across all agencies, alleging the vendor has inappropriate ties to the Russian government. Kaspersky has fired back, saying the allegations are false on all counts. The private sector has also moved away from Kaspersky, with retailer Best Buy pulling the security vendor from its shelves. As the back and forth continues, Kaspersky partners tell CRN they are hearing more questions from their customers about the allegations and what they mean for their security portfolios. Here is an update on the key events so far between Kaspersky and the federal government, as well as what we might expect to see going forward.
What Is The Government Alleging?
Multiple agencies at the government, including the Department of Homeland Security, the Senate Armed Services Committee, and individual senators and representatives, have come out against Kaspersky Lab, citing the company's Russian headquarters and alleging it "might be vulnerable to Russian government influence," according to one bill set on removing the company from government purchasing processes. A Bloomberg report added fuel to the fire, alleging that Kaspersky had been working with the Russian intelligence agency FSB, citing internal emails it had obtained. It said the relationship included developing technologies for the agency to prevent against DDoS attacks. Kaspersky has denied any involvement with the Russian government.
How Is Kaspersky Lab Responding?
Kaspersky has denied all allegations of Russian involvement. In its most recent statement, in response to a move by the DHS to block sales of Kaspersky software to the federal government, Kaspersky said it "doesn't have inappropriate ties with any government" and that "no credible evidence has been presented publicly or by anyone or any organization as the accusations are based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies on the company." Kaspersky said it does business with governments around the world, but "does not have unethical ties or affiliations with any government, including Russia."
"Kaspersky Lab has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts, and it's disconcerting that a private company can be considered guilty until proven innocent, due to geopolitical issues," the company said.
Kaspersky CEO Eugene Kaspersky (pictured) has agreed to testify before the U.S. House of Representatives about the issue.
Where Is Kaspersky Based?
Kaspersky has global headquarters in Moscow and has North American headquarters in Woburn, Mass. The company said more than 85 percent of its revenue comes from outside Russia. It also announced a continued commitment to the North American market in August, saying it plans to open new offices in Chicago, Los Angeles and Toronto. The company said North America remains a "strategic region."
What Steps Has The Government Taken Against Kaspersky?
Multiple agencies have moved to block Kaspersky sales to the federal government. The company was removed from the GSA Schedule in July, a move that doesn't prevent the government from buying Kaspersky software entirely but those purchases would have to be separate from the GSA contract process. The DHS took this one step further in September, issuing a directive that all Kaspersky products be removed from federal networks within the next 90 days. The DHS said it banned Kaspersky's products from U.S. government networks because it was "concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks."
What Products Are Now Banned From Government Sales?
Kaspersky products banned by the DHS directive include Kaspersky Anti-Virus, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Small Office Security, Kaspersky Anti Targeted Attack, Kaspersky Endpoint Security, Kaspersky Cloud Security (Enterprise), Kaspersky Cybersecurity Services, Kaspersky Private Security Network and Kaspersky Embedded Systems Security.
What Does The Ban Mean For OEM Agreements?
The DHS directive was unclear on what impact the ban would have on Kaspersky OEM products. Many vendors use Kaspersky security products under OEM agreements. According to the text of the directive, it "does not address Kaspersky code embedded in the products of other companies."
What About The Private Sector?
Kaspersky's troubles aren't limited to the public sector. In September, electronics retail giant Best Buy said it would no longer sell the company's consumer security software in its retail stores. One recent report said the FBI had put pressure on the private sector to cut ties with the vendor.
What Does The Ban Mean For Partners?
Partners said they are starting to feel some impact from the allegations against the vendor. Some partners told CRN that that impact is limited to explaining to customers the benefits of the technology. Others have said they have pulled the technology out of their customers, especially those that are related to or do business with the federal government.
What Other Vendors Are Moving Against Kaspersky?
Some competitors are looking to move in on Kaspersky. VIPRE, for one, unveiled in May a buyback program for those it said are concerned about their data under Kaspersky. It said current Kaspersky customers could get six months free of any VIPRE security offering. Symantec has also posted on Twitter about the issue, and Malwarebytes has put out a marketing email about the issue, according to a report by Buzzfeed.
What Can We Expect Moving Forward?
It's not clear yet what the future holds for Kaspersky in the North American market. While the federal government represents one of the larger markets for IT, the security vendor said it is committed to a future in the region. The next likely step is CEO Kaspersky's testimony before the U.S. House of Representatives Committee on Science, Space, and Technology. The executive has agreed to testify before the committee, pending an expedited visa.
"I look forward to publicly addressing the allegations about my company and its products," Kaspersky said about the hearing.