Section 1634 of the bill prohibits the use of security software and services provided by security giant Kaspersky Lab, the ban will start from October 1, 2018.
Below the details of the ban included in the section 1634 of the National Defense Authorization Act for Fiscal Year 2018.
“SEC. 1634. Prohibition on use of products and services developed or provided by Kaspersky Lab.
(a) Prohibition.—No department, agency, organization, or other element of the Federal Government may use, whether directly or through work with or on behalf of another department, agency, organization, or element of the Federal Government, any hardware, software, or services developed or provided, in whole or in part, by—
(1) Kaspersky Lab (or any successor entity);
(2) any entity that controls, is controlled by, or is under common control with Kaspersky Lab; or
(3) any entity of which Kaspersky Lab has majority ownership.
(b) Effective date.—The prohibition in subsection (a) shall take effect on October 1, 2018.”
Senator Jeanne Shaheen joyed for the news, asserting that the US Government gathered all necessary evidence to motivate such decision.
“The case against Kaspersky is well-documented and deeply concerning. This law is long overdue, and I appreciate the urgency of my bipartisan colleagues on the Senate Armed Services Committee to remove this threat from government systems.” commented Shaheen.
Sen. Shaheen is the author of a letter recently sent to the Trump administration asking that information on Kaspersky Lab be declassified “to raise public awareness regarding the serious threat that the Moscow-based software company poses to the United States’ national security.”
Also included is my amendment to ban the use of Kaspersky Lab software on all government computers. The case against Kaspersky is well-documented & deeply concerning, & I’ll continue to advocate for measures to strengthen our nation’s cybersecurity. https://t.co/P4WXnEu85e
— Sen. Jeanne Shaheen (@SenatorShaheen) December 12, 2017
Kaspersky Lab issued the following statement about the Section 1634.
“Kaspersky Lab continues to have serious concerns about Section 1634 of the National Defense Authorization Act due to its geographic-specific approach to cybersecurity, singling out Kaspersky Lab, which we maintain, does little to mitigate information security risks affecting government networks.” reads the statement issued by Kaspersky.
“Nevertheless, Kaspersky Lab is assessing its options, while continuing to protect its customers from cyber threats, and collaborating globally with the IT security community to fight cybercrime.”
In September, the U.S. DHS ordered federal agencies to stop using Kaspersky software and service.
The ban was the response to the concerns about possible ties between Kaspersky and Russian intelligence agencies.
According to The Washington Post, which first reported the news, the order applies to all civilian government networks, but not the military ones.
Recently the UK’s National Cyber Security Center (NCSC) has also issued a warning regarding the use of Kaspersky software and services by government agencies.
The CEO of the UK National Cyber Security Centre (NCSC), Ciaran Martin, wrote to permanent secretaries regarding the issue of supply chain risk in cloud-based products, including anti-virus (AV) software.
The NCSC is a branch of the UK Government Communications Headquarters (GCHQ), the UK intelligence and security agency.
The letter warns against software made in hostile states, specifically Russia, as the Prime Minister’s Guildhall speech set out, the Government of Moscow is acting against the UK’s national interest in cyberspace.
Kaspersky has repeatedly denied the accusations and it announced the launch of a transparency initiative that involves giving partners access to the source code of its solutions.
(Security Affairs – Kaspersky Lab, Cyber espionage)