Kaspersky declared threat to US national security

The Federal Communications Commission (FCC) has officially declared Kaspersky a threat to US national security.

The antivirus provider was added to the List of Equipment and Services Covered By Section 2 of the Secure Networks Act on Friday, becoming the first Russian company on the infamous blacklist that also includes China's Huawei and ZTE.

Passed in March 2020, the Secure Networks Act prevents communications equipment or services that pose a national security risk from entering US networks and obliges the FCC to publish and maintain a list of such equipment or services.

Kaspersky was added alongside China Mobile International (CMI) and China Telecom, with the latter having been banned from providing domestic interstate and international communication services within the US in October 2021.

FCC commissioner Brandan Carr described the decision as “welcome news”.

“In particular, I am pleased that our national security agencies agreed with my assessment that China Mobile and China Telecom appeared to meet the threshold necessary to add these entities to our list. Their addition, as well as Kaspersky Labs, will help secure our networks from threats posed by Chinese and Russian state backed entities seeking to engage in espionage and otherwise harm America’s interests,” he said on Friday.

The decision to add Kaspersky to the list of banned equipment and services comes amid difficult US-Russia relations that have significantly worsened since Russia’s launch of a full-scale invasion on Ukraine in February.

However, in a statement given to IT Pro earlier this month, Kaspersky denounced the war and denied having "ties to any government".

The antivirus provider reiterated its claim on Friday, describing the FCC’s decision as “not based on any technical assessment of Kaspersky products” and “made on political grounds”.

“Kaspersky will continue to assure its partners and customers on the quality and integrity of its products, and remains ready to cooperate with US government agencies to address the FCC’s and any other regulatory agency’s concerns,” it said.

The company added that the FCC’s move was based on the “unconstitutional” 2017 decision to ban Kaspersky products from being used by US federal agencies:

“Kaspersky believes today’s expansion of such prohibition on entities that receive FCC telecommunication-related subsidies is similarly unsubstantiated and is a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky’s products and services.”

Over the weekend, Kaspersky was also expelled from the HackerOne bug bounty platform alongside other Belarusian and Russian entities.

The news comes two weeks after Germany’s Federal Office for Information Security (BSI) recommended switching away from any Kaspersky product to another vendor due to the risk that the company could be forced by the Russian state to carry out offensive cyber operations.