The US Department of Commerce’s Bureau of Industry and Security (BIS) has announced a “final determination” prohibiting Kaspersky Lab from directly or indirectly providing its anti-virus software, cybersecurity products, or services in the US or to US persons.
The ban, although “first of its kind” as claimed in the BIS’ notification, is a result of a two-year probe into the Russia-based security company. The company’s close ties to Russia raised alarms regarding national security within the government, fearing that Kaspersky’s products could be used to steal sensitive information, install malware, or withhold updates from American citizens.
The Biden administration’s power to ban software is derived from rules created under the Trump administration, although the BIS hasn’t stated exactly what powers were used.
The BIS also added three entities—AO Kaspersky Lab, OOO Kaspersky Group (Russia), and Kaspersky Labs Limited (United Kingdom) to its Entity List for cooperating with Russian military and intelligence authorities in support of the Russian government’s cyber intelligence objectives.
The ban completely prohibits the sale of Kaspersky products and services in the US or to US citizens. The company has until September 29, 2024, to provide any updates to its products or codebase. US organisations and individuals using the software also have the same 100-day deadline to find alternatives.
Notably, the ban doesn’t apply to Kaspersky Threat Intelligence products and services, Kaspersky Security Training products and services, or Kaspersky consulting or advisory services as they are purely “informational and educational in nature.”
Probes into Kaspersky began in 2022 following the Russian invasion of Ukraine when the federal government warned some companies that the Russian government could manipulate Kaspersky software. That wasn’t the first time Kaspersky had to bear the US government’s fangs, as the Department of Homeland Security had prohibited using Kaspersky software in federal agencies as far back as 2017.
In the News: Cybercrooks target high-profile diplomats across 6 countries