About 15 percent of federal agencies have found software on their computer networks made by Kaspersky Lab, a Russian antivirus vendor recently banned by the Department of Homeland Security, a Trump administration official testified Tuesday.
Jeanette Manfra, the DHS assistant secretary for cybersecurity and communications, told the oversight subcommittee of the House Science, Space and Technology Committee that 94 percent of the 102 federal agencies covered by a September directive banning Kaspersky products have finished auditing their systems after being ordered to detect, discontinue and remove any and all related software within 90 days.
“Out of all the federal agencies, a very small number have identified the use of presence in some aspect of their system of Kaspersky-branded products - about 15 percent of agencies who have reported,” Ms. Manfra told the subcommittee.
The Sept. 13 directive banning Kaspersky products, Binding Operational Directive 17-01, raised concerns about alleged ties between the antivirus vendor and Russian intelligence. The directive didn’t give specific examples, but subsequent reporting has suggested that Russian intelligence has leveraged a vulnerability in Kaspersky products to siphon sensitive information from customers’ computers.
The DHS is working with each agency to purge Kaspersky products by the December deadline, and several offices have removed Kaspersky products ahead of schedule, Ms. Manfra told lawmakers.
“We do not currently have … conclusive evidence that they have been breached,” Ms. Manfra said of the agencies that found Kaspersky software on their systems.
The DHS is working with a handful of “very small agencies” that lack the resources for conducting their own audits for Kaspersky software, she added.
“I want to do a thorough review to ensure that we have a full picture,” said Ms. Manfra.
Kaspersky admitted last month that its antivirus program siphoned sensitive U.S. government data from a personal computer in 2014 but denied being in cahoots with Russian intelligence. The Russian government has previously dismissed news reports claiming it uses Kaspersky products to conduct international espionage.