The chairman of the House Science, Space and Technology Committee has asked the Department of Homeland Security for an update on the federal government’s efforts to identify and remove software made by Kaspersky Lab, an embattled Moscow-based antivirus vendor accused of having ties to Russian intelligence.
Rep. Lamar Smith, Texas Republican, requested further details on the Kaspersky purge and a committee briefing from DHS by or before Dec. 19, according to a copy of a letter sent to the agency’s interim director this week and released by his office Wednesday.
“The federal government needs to leverage all resources to ensure that Kaspersky products on federal systems have been completely removed,” Mr. Smith wrote to Acting DHS Secretary Elaine Duke. “The Committee’s investigation is consistent with its broader goal of uncovering all risks associated with Kaspersky. This includes identifying all necessary actions needed to eliminate the risk, even beyond the risk to federal systems.”
Specifically the Science committee is seeking a complete list of federal agencies and departments that have identified the use or presence of Kaspersky Lab products, including the names of those that have neither submitted a report nor plan of action to DHS detailing their process of identifying, removing and discontinuing Kaspersky software in accordance with recently issued government-wide directive.
DHS did not immediately return an email seeking comment.
The Sept. 13 directive banning Kaspersky products, BOD 17-01, ordered federal agencies across the board to search their systems for traces of Kaspersky products and discontinue use within 90 days, citing “ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks.”
News reports have since suggested that the Russian government exploited Kaspersky antivirus software to conduct international espionage, and the U.K.’s main cybersecurity office issued a warning of its own last week advising British agencies against using its antivirus products.
“Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the only conclusion seems to be that the company remains caught in the middle of an ongoing geopolitical fight,” Kaspersky told The Hill in a statement Tuesday.
“Kaspersky Lab continues to reiterate its willingness to work alongside U.S. authorities to address any concerns they may have about its products or services, and the company ardently believes a deeper examination of Kaspersky Lab will confirm that all allegations are unfounded,” the statement said.
Jeanette Manfra, the DHS assistant secretary for cybersecurity and communications, testified during a Nov. 14 hearing before the Science panel’s oversight subcommittee that only “a very small number” of federal agencies identified the use or presence of Kaspersky-branded products.
“We do not currently have … conclusive evidence that they have been breached,” Ms. Manfra told lawmakers at the time.