US Comms Regulator Deems Kaspersky a National Security Risk

Written by

The US communications regulator, the Federal Communications Commission (FCC), has added Kaspersky to a list of entities that it deems to pose a national security threat.

The list, first published in March 2021, covers communications equipment and services that pose an “unacceptable risk to national security or to the security and safety of US persons.”

In addition to cybersecurity vendor Kaspersky, the FCC’s latest update added two Chinese companies to the organizations it considers a security risk: China Telecom (Americas) Corp and China Mobile International USA Inc.

Commenting on the announcement, FCC Chairwoman Jessica Rosenworcel said: “Last year, for the first time, the FCC published a list of communications equipment and services that pose an unacceptable risk to national security, and we have been working closely with our national security partners to review and update this list.

“Today’s action is the latest in the FCC’s ongoing efforts, as part of the greater whole-of-government approach, to strengthen America’s communications networks against national security threats, including examining the foreign ownership of telecommunications companies providing service in the United States and revoking the authorization to operate where necessary. Our work in this area continues.”

In response, Kaspersky argued the decision was based on political rather than technical grounds. The statement read: “Kaspersky is disappointed with the decision by the Federal Communications Commission (FCC) to prohibit certain telecommunications-related federal subsidies from being used to purchase Kaspersky products and services. This decision is not based on any technical assessment of Kaspersky products – that the company continuously advocates for – but instead is being made on political grounds.

“Kaspersky maintains that the US Government’s 2017 prohibitions on federal entities and federal contractors from using Kaspersky products and services were unconstitutional, based on unsubstantiated allegations, and lacked any public evidence of wrongdoing by the company. As there has been no public evidence to otherwise justify those actions since 2017, and the FCC announcement specifically refers to the Department of Homeland Security’s 2017 determination as the basis for today’s decision, Kaspersky believes today’s expansion of such prohibition on entities that receive FCC telecommunication-related subsidies is similarly unsubstantiated and is a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky’s products and services.”

The announcement is the latest in a series of blows to Kaspersky since Russia began its invasion of Ukraine in late February. Earlier this month, Germany’s Federal Office for Information Security (BSI) advised organizations against using the firms’ products over fears Kaspersky could be used as a vehicle to carry out offensive cyber operations by the Russian government amid heightened East-West tensions. As in the case of the FCC, the vendor issued a strongly worded response, emphasizing it has no links to the Russian government and arguing the decision was politically motivated.

In addition, on March 1, the company’s CEO, Eugene Kaspersky, came under fire for a statement he tweeted regarding the Russia-Ukraine conflict. Industry figures criticized his neutral tone on the topic, such as describing the conflict as a “situation.”

What’s hot on Infosecurity Magazine?