Written by: Haim Ravia and Dotan Hammer
The U.S. Department of Commerce’s Bureau of Industry and Security (BIS) has prohibited Kaspersky Lab, Inc., the U.S. subsidiary of a Russian cybersecurity company, from directly or indirectly providing antivirus software and cybersecurity products or services in the U.S. or to U.S. persons. This ban also extends to Kaspersky’s affiliates, subsidiaries, and parent companies.
Following an extensive investigation, BIS concluded that Kaspersky’s operations present significant risks due to the Russian government’s cyber capabilities and influence over the company. Kaspersky’s products, designed to protect against various cyber threats targeting critical infrastructure for home users, small businesses, large corporations, and governments, pose national security concerns for several reasons.
First, Kaspersky must comply with Russian government information requests, potentially compromising sensitive U.S. data. Additionally, Kaspersky’s administrative privileges could allow U.S. customer data to be transferred to Russia. There is also a risk that Kaspersky could install malicious software or withhold critical updates, making U.S. systems vulnerable. Furthermore, Kaspersky software integrated into third-party products increases the likelihood of introducing harmful code into U.S. systems.
As a result, Kaspersky can no longer sell its software or provide updates in the U.S., effectively prohibiting any continued transactions involving Kaspersky’s products and services.
U.S. users of Kaspersky software are encouraged to transition to new vendors to limit the exposure of personal or other sensitive data to malign actors due to a potential lack of cybersecurity coverage. While there are no legal penalties for continuing to use Kaspersky products, users assume all associated risks. Kaspersky can continue certain operations in the United States, including providing antivirus signature updates and codebase updates until September 29, 2024, to minimize disruption.
Click here to read the official Bureau of Industry and Security announcement on this decision.
