Bussiness
Biden Bans Kaspersky Software, Gives Users 100 Days To Find Alternative
President Biden has issued a ban on the sale of all Kaspersky security software in the U.S., effective immediately. The ban also extends to the use of Kaspersky software starting from September 29, and it applies to consumers, government, and business organizations. Critically, the ban includes security updates for existing customers.
The Department of Commerce has issued what’s called a final determination prohibiting Kaspersky and its affiliates from transactions in the U.S. This makes it illegal to sell, integrate or license any Kaspersky cybersecurity software on national security grounds.
The Bureau of Industry and Security found, following a review of Kaspersky’s cybersecurity transactions and services that they posed “unacceptable risks to the United States’ national security and the security and safety of its people.” Specifically, BIS concluded that the risk factors involved were threats posed by the Russian Federation, vulnerabilities created by Kaspersky products for national security and the impact of Russia exploiting them.
A BIS statement claims that “The manipulation of Kaspersky software, including in U.S. critical infrastructure, can cause significant risks of data theft, espionage, and system malfunction. It can also risk the country’s economic security and public health, resulting in injuries or loss of life.”
The final determination timeline is as follows:
- No new sales or agreements with U.S. persons from July 20.
- No new security software updates from September 29.
However, informational and educational services including threat intelligence, training and consulting services are not affected.
A Kaspersky spokesperson said that the company believes the decision was “based on the present geopolitical climate and theoretical concerns, rather than on a comprehensive evaluation of the integrity of Kaspersky’s products and services.” While committing to pursue all legally available options to overturn the ban, the Kaspersky statement insisted that “Kaspersky does not engage in activities which threaten U.S. national security and, in fact, has made significant contributions with its reporting and protection from a variety of threat actors that targeted U.S. interests and allies.”
Advice for what consumers and businesses need to do next has been provided by BIS.