Trump administration considering governmentwide ban on popular Russian software
The Trump administration is on the verge of deciding whether to block all federal agencies from using products developed by a popular Russian cybersecurity firm, which is under increasing scrutiny for alleged ties to Russian intelligence services, government sources familiar with the matter told ABC News.
A final decision could be made in the coming days on whether to strip the Moscow-based firm, Kaspersky Lab, from the General Services Administration's list of outside vendors whose products are approved for use by government agencies, the sources said.
"That's a big move and is going to have some legal implications," one senior U.S. intelligence official told ABC News.
Removing Kaspersky Lab from the list - known as the GSA schedule - would likely affect only future contracts, ABC News was told.
If the Trump administration moves to block government agencies from using the company's products, it would be the most significant and far-reaching response yet to concerns among U.S. officials that Russian intelligence services could try to exploit Kaspersky Lab's anti-virus software to steal and manipulate users' files, read private emails or attack critical infrastructure in the United States.
For weeks, the White House, the Department of Homeland Security, the GSA and other federal agencies have been conducting an interagency review of the matter, sources said.
The company has repeatedly insisted it poses no threat to U.S. customers and would never allow itself to be used as a tool of the Russian government.
Kaspersky Lab's CEO, Eugene Kaspersky, recently said any concerns about his company are based in "ungrounded speculation and all sorts of other made-up things," adding that he and his company "have no ties to any government, and we have never helped nor will help any government in the world with their cyberespionage efforts."
Nevertheless, the FBI has been pressing ahead with a long-running counterintelligence probe of the company, and in June, FBI agents interviewed about a dozen U.S.-based Kaspersky Lab employees at their homes, ABC News was told.
In addition, as ABC News reported in May, the Department of Homeland Security issued in February a secret report on the matter to other government agencies. And three months ago, the Senate Intelligence Committee sent a secret memorandum to Director of National Intelligence Dan Coats and Attorney General Jeff Sessions demanding that the Trump administration address "this important national security issue."
Despite all the private expressions of concern, the issue was first brought into public view only recently by key members of the Senate Intelligence Committee, who began asking questions about Kaspersky Lab during hearings covering global threats to national security.
Lawmakers and other U.S. officials point to Kaspersky Lab executives with previous ties to Russian intelligence and military agencies as reason for concern.
Three weeks ago, Sen. Jeanne Shaheen, D-N.H., took legislative steps to bar the U.S. military from using Kaspersky Lab products.
There is "a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure," Shaheen, a key member of the Senate Armed Services Committee, said in a statement after introducing an amendment to a Pentagon spending bill.
Eugene Kaspersky called her move "an extreme new measure."
"Kaspersky Lab is facing one of the most serious challenges to its business yet, given that members of the U.S. government wrongly believe the company or I or both are somehow tied to the Russian government," he recently wrote on his blog. "Basically, it seems that because I'm a self-made entrepreneur who, due to my age and nationality, inevitably was educated during the Soviet era in Russia, they mistakenly conclude my company and I must be bosom buddies with the Russian intelligence agencies ... Yes, it is that absurdly ridiculous."
U.S. officials have yet to publicly present any evidence indicating concerning links between Kaspersky Lab employees and elements of the Russian government.
But one senior U.S. intelligence official said the fact that the U.S. government is considering the drastic step of removing Kaspersky Lab from the GSA's list of approved vendors shows that such concerns are "nontrivial."
A company lands on the list after hammering out deals with the GSA, which uses "the government's buying power to negotiate discounted pricing," according to the GSA.
Hundreds of "federal customers" and, in some cases, state and local governments can then purchase the company's products without having to each negotiate their own prices, the GSA said in a 2015 brochure about its operations.
"The buying process is simplified because GSA has completed the bulk of the procurement process on behalf of government buyers," the brochure added.
As of a few years ago, the information technology portion of the GSA schedule accounted for more than $14 billion of the federal budget, the brochure said.
An ABC News investigation earlier this year found that - largely through outside vendors - Kaspersky Lab software has been procured by many federal agencies, including the Bureau of Prisons and some segments of the Defense Department.
Kaspersky Lab products are also used in countless American homes and in state and local agencies across the country.
"We've offered the U.S. government any assistance it might need to help clarify the ongoing confusion regarding the falsely perceived threat they wrongly believe our products and technologies pose," Eugene Kaspersky wrote on his blog. "We're even willing to meet with any of them and give them our source code to thoroughly review it, as we've got nothing to hide. We want the government, our users and the public to fully understand that having Russian roots does not make us guilty."
