President Donald Trump signed into law Tuesday legislation that bans the U.S. government from using products created by Kaspersky Lab, a Russian cybersecurity company, amid suspicions it was vulnerable to Kremlin influence.
The ban, introduced as part of the annual defense spending bill, codifies a directive issued by the Trump administration in September that federal agencies get rid of Kaspersky Lab’s software, hardware and other services within 90 days, Reuters reported.
The ban on Kaspersky Lab products signals growing tensions between Russia and the U.S. and its key allies over fears that the company has ties to Russian intelligence and that its prducts could be used for espionage.
“The case against Kaspersky is well documented and deeply concerning. This law is long overdue,” U.S. Sen. Jeanne Shaheen, D-N.H., told Reuters. She called the company’s software a “grave risk’” to U.S. national security.
“The case against Kaspersky is well documented and deeply concerning. This law is long overdue.”
Earlier this month, Britain’s main cyber security agency warned the British government about using Kaspersky Lab products in government systems.
Recent reports suggest Russian state-sponsored hackers exploited a Kaspersky bug at least once to hack and steal classified secrets of the personal computer of a former U.S. National Security Agency employee, the Washington Times reported.
The Russian-based company denied working with Russian intelligence, but admitted that a bug in its antivirus software unintentionally swept up an NSA hacking tool during a malware scan of a customer’s personal computer in 2014.
The firm in October offered to let the U.S. government see its software’s source code and be subjected to independent inspection in future updates in order to address the concerns. U.S lawmakers welcomed the suggestion but said it was not sufficient, according to Reuters.
Kaspersky Lab issued a statement Tuesday saying it has “serious concerns” about the new law prohibiting U.S. federal agencies from using its products because of “its geographic-specific approach to cybersecurity.”
“All software, including various products more widely deployed in government networks than Kaspersky Lab software, can have vulnerabilities exploited by a malicious cyber actor,” the company added Wednesday, according to the Times.
“Yet, Congress failed to address this fact or take a comprehensive look at federal IT sourcing policies to determine what improvements, if any, Congress could make to existing statutory and administrative authorities related to protecting government networks.”
Last week Kasperksy announced plans to close its Washington office but open offices in Chicago, Los Angeles and Toronto, Bloomberg News reported.
In November, Kasperksy founder Eugene Kaspersky said the loss of U.S. government business would have little impact on its revenue, but the negative publicity resulting from the ban could hurt overall income by as much as 8 percent, the Guardian reported.