House panel seeks to ID agencies not meeting Kaspersky purge deadline
The House Science, Space and Technology Committee is pushing the Department of Homeland Security (DHS) to reveal which agencies have not fully complied with deadlines in a broad effort to identify and remove all Kaspersky Lab products from computers.
Lawmakers fear that Russian intelligence agencies have co-opted the Moscow-based firm’s products in espionage operations. DHS ordered all agencies on Sept. 19 to identify Kaspersky products on their systems and develop a plan to remove them within 60 days.
“The federal government needs to leverage all resources to ensure that Kaspersky products on federal systems have been completely removed,” members of the committee wrote in a letter sent Wednesday asking DHS which agencies have yet to identify the software or make a plan to remove it.
A DHS representative had testified at a Nov. 14 hearing before the committee that the vast majority of agencies were compliant with the directive, though some smaller agencies without the resources to search for Kaspersky products were unable to meet the deadline.
Those agencies were receiving DHS help to identify and plan the removal of Kaspersky products, the official said.
Kaspersky has denied taking part in any nation’s intelligence operations, including Russia’s. But press reports have revealed at least one major incident showing witting or unwitting involvement.
In the widely reported incident, Russian spies are said to have used Kaspersky Antivirus’s file scanning capabilities to identify and steal classified hacking tools from a National Security Agency employee.
One factor foiling agencies’ efforts to identify Kaspersky products is that the company’s popular antivirus software often comes preloaded on computers. While agencies typically add agency-approved software to systems, sometimes they do not remove the preloaded software.
The United Kingdom followed suit with the U.S. decision last week, barring Kaspersky software from its systems as well.