Those who know about cyber security know Kaspersky Lab. The company was founded in 1997, is operated by a holding company in the UK and is based in Russia.
In 2021, Gartner named Kaspersky the third largest provider of consumer IT products and the fifth largest provider of business IT products. The company offers antivirus, antimalware, password and endpoint management, and other digital security products.
Despite the fact that Kaspersky is a household name, the US Federal Communications Commission decided to blacklist the company.
Kaspersky Lab enters the FCC blacklist
The FCC and the Department of Homeland Security (DHS) regularly amend the list of foreign IT providers considered threats to national security. On March 25, 2022, the FCC added Kaspersky.
Become a Cyber Security Hub member and get exclusive access to our upcoming digital events, industry reports, and expert webinars
Kaspersky joins a list of companies that the FCC says “pose an unacceptable risk to national security or the safety of Americans.” On the same day, two Chinese-owned companies were added: China Mobile International and China Telecom Corp.
There is there are no cybersecurity laws at the federal level in the US, but this blacklist, called the “List of Equipment and Services Covered by Section 2 of the Secure Networks Act”, is a mechanism with which the country defends its online infrastructure. When keeping a single office secure is challenging enough, removing variables in a problem as vast as national security seems appealing.
Security against state-backed threats
FCC commissioner Brendan Carr said This decision is intended to “help protect our networks against threats posed by Chinese and Russian state-backed entities that seek to engage in espionage and harm US interests.”
Although this decision follows the Russian invasion of Ukraine, which began in late February 2022, the US government has banned Russian-made IT products before. In September 2017, US officials banned antivirus products made by Kaspersky from federally owned networks.
Recent Russian aggression in Ukraine was not mentioned in the FCC announcement, nor was President Joe Biden’s warning to the private sector about possible Moscow-backed cyberattacks.
Kaspersky responded quickly. The company claims the move was “done for political reasons” and denounced the ban as an “unsubstantiated response to the geopolitical climate rather than a comprehensive evaluation of Kaspersky products.”
Chinese embassy officials in Washington, DC, also issued a statement, saying the FCC had “abused state power and maliciously targeted Chinese telecom carriers again without a factual basis. The United States should immediately stop its unreasonable crackdown on Chinese companies.”
Purpose of the blacklist
It is unclear what the nature of the “unacceptable risk” cited by the FCC is. Kaspersky operates from a headquarters in Russia and the other companies blacklisted on the same day are based in China. Leaving some to wonder if the threat is real or if it’s guilt by association.
Under the 2017 ban of Kaspersky products from federal networks, the FCC was specifically concerned about provisions in Russian law on data sharing. In 2017, a The White House spokesman explained that Russian law requires companies like Kaspersky to cooperate and share information with national espionage agencies like the Federal Security Service, the successor agency to the notorious KGB.
In his own words, Homeland Security was concerned about the “risk that the Russian government, either acting on its own or in collaboration with Kaspersky, could capitalize on the access provided by Kaspersky products to compromise federal data and information systems.”
This new FCC decision is the most decisive yet, this is the first Russian company to be blacklisted, but it is based on the same logic as previous Kaspersky complaints.
It should be noted that there is a long-standing precedent of US-based cybersecurity and telecommunications companies providing user data to the US government in response to subpoenas.
Government agencies forcing private national companies to compromise users’ privacy, in order to take action against individuals or groups, is not a new phenomenon or unique to any country.
As for the effects of the blacklist, those who rely on Kaspersky services will probably not be affected. There is nothing to prevent individuals or organizations from purchasing Kaspersky products. However, Kaspersky products can no longer be purchased with government subsidies.
In the name of national digital sovereignty
Kaspersky Lab says its customer base is 400 million, even years after being banned from US federal networks. The closure of federal subsidies may hurt the company’s bottom line, but probably not significantly.
The greatest impact is on national digital sovereignty. As with the blacklist of huawei products in March 2021, the US is setting a strong precedent when it comes to keeping its major economic rivals out of its digital infrastructure as much as possible.