September 15, 2017


U.S. Government Bans Federal Agencies from Using Kaspersky Labs Software

The Department of Financial Services issues the following Alert:

The U.S. Department of Homeland Security (“DHS”) issued a Binding Operational Directive (“BOD”) on Wednesday directing Federal Executive Branch departments and agencies to take actions related to the use or presence of information security products, solutions, and services supplied directly or indirectly by AO Kaspersky Lab or related entities. Specifically, the BOD provides that departments and agencies must identify any use or presence of Kaspersky products on their information systems in the next 30 days, develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and begin to implement the agency plans to discontinue use and remove the products from information systems within 90 days.

A statement by DHS accompanying the BOD stated, “the Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems.”  DHS cited concerns regarding possible ties between certain Kaspersky officials and Russian intelligence and other government agencies, as well as requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.  DHS has stated that “[t]he risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.”

The Department of Financial Services will continue to monitor this situation and requests that its entities do the same in order to take any and all actions they deem appropriate.