US President Donald Trump on Tuesday signed into law the US National Defence Authorisation Act for Fiscal Year 2018 (H.R.2810), which contains a section prohibiting US federal use of products and services from Russian-based cyber-security firm Kaspersky Lab.
According to the law, the ban takes effect on 1 October, 2018. Additionally, within 180 days of the passing of the act, the Secretary of Defence must present a report to relevant US Congressional committees detailing the findings from a review of procedures for removing Kaspersky products from US federal government networks.
Last September, the US Department of Homeland Security also issued a binding order forbidding the use of Kaspersky Lab security software. The order gave US federal agencies three months to do inventory and remove the software.
“Considering the grave risk that Kaspersky Lab poses to our national security, it's necessary that the current directive to remove Kaspersky Lab software from government computers be broadened and reinforced by statute,” said US Senator Jeanne Shaheen (D-N.H.), who earlier this year introduced the amendment that bans Kaspersky into H.R.2810. “The case against Kaspersky is well-documented and deeply concerning. This law is long overdue, and I appreciate the urgency of my bipartisan colleagues on the Senate Armed Services Committee to remove this threat from government systems. Going forward, I will continue to push for additional measures that strengthen our nation's cyber-security and protect our democracy from harmful foreign interference,” Shaheen continued in a press release.
The US National Defence Authorisation Act also covers a variety of additional cyber matters, such as the development of a Strategic Cyber-security Programme and the execution of a comprehensive US cyber posture review.
In the UK the NCSC issued an advisory that UK government departments do not use Kaspersky products and Barclays Bank advised its online customers not to use Kaspersky software - but the Metropolitan Police supported initiative GetSafeOnline, also supported by Kaspersky, issues free copies of the software, and Kaspersky does work with various governments and law enforcement authorities including EC3.
In a recent press briefing Eugene Kaspersky told SC Media UK that the company actually had little sales in the government sector in the US, but was agreived at what he saw as a concerted campaign against his company by both press and government in the US despite a lack of evidence of any wrongdoing by his company.