On September 13, 2017 the Acting Secretary of Homeland Security, Elaine Duke, issued a Binding Operational Directive (BOD) directing Federal Executive Branch departments and agencies to take actions related to the use or presence of information security products, solutions and services supplied directly or indirectly by Russian company Kaspersky Lab.
Earlier, in July 2017, the United States’ General Services Administration removed Kaspersky Lab from its lists of approved vendors for contracts that cover information technology services and digital photographic equipment. Consequently, this huge cybersecurity company was no longer authorized to do business with the US government (state departments and government agencies).
Being one of the top anti-virus software providers globally, Kaspersky Lab has been banned in September 2017 after “careful consideration of available information and consultation with interagency partners” (https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01). According to the directive 17-01 issued by the United States’ Department of Homeland Security (DHS), this action has been based on the “information security risks presented by the use of Kaspersky products on federal information systems” (https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01). The DHS is concerned about the possible ties between unnamed Kaspersky officials and the Kremlin as well as Russian intelligence agencies. The US government cannot accept the risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could get access to the federal information systems. This directly implicates U.S. national security.
In order to reduce potential vulnerabilities, the DHS has given all US federal agencies and departments 90 days to remove Kaspersky Lab software from their IT systems. However, Kaspersky has denied any unethical ties with the Russian or any other government and said in a statement that “no credible evidence has been presented publicly by anyone or any organization to back up the false allegations made against the company” (https://www.theguardian.com/technology/2017/sep/13/us-government-bans-kaspersky-lab-russian-spying).
Thus, Kaspersky Lab, who receives 85% of its revenue from outside Russia, was probably caught in the middle of a geopolitical fight. Nevertheless, as it is said in the DHS’s statement, Kaspersky can submit a written response addressing the Department’s concerns or mitigate those concerns. “The Department wants to ensure that the company has a full opportunity to inform the Acting Secretary of any evidence, materials, or data that may be relevant” stated the DHS by adding that “further information about this process will be available in a Federal Register Notice” (https://www.dhs.gov/news/2017/09/13/dhs-statement-issuance-binding-operational-directive-17-01).
