President Trump's administration has today ordered the removal of all Kaspersky security products from US government IT systems, citing claims that the company is vulnerable to influence from the Russian government.
The order comes from the Department of Homeland Security with a directive to all federal agencies to identify Kaspersky products on their systems within 30 days and to discontinue usage within 90 days.
"This action is based on the information security risks presented by the use of Kaspersky products on federal information systems," claimed the Department in its order.
It continued: "Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems."
The order was based on concerns "about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks".
The Department claims that the Russian government could compel Kaspersky to compromise its own products on behalf of Russian intelligence, although there is no evidence either of such a request or of Kaspersky software being mis-used in this or any other way.
Indeed, the Department itself admitted that it didn't have any evidence of compromise. In response to questioning from Reuters, a spokesperson said: "As we evaluated the technology, we decided it was a risk we couldn't accept."
In response, Kaspersky founder Eugene Kaspersky suggested that the US government had decided the company was "guilty until proven innocent, jailed ‘til you clear your name".
The company's official response repeated the assertion that "Kaspersky Lab doesn't have inappropriate ties with any government" and added: "No credible evidence has been presented publicly by anyone or any organisation as the accusations are based on false allegations and inaccurate assumptions, including the claims about Russian regulations and policies impacting the company."
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams
Google also gets its hands on HTC's IP in a non-exclusive deal