Agencies have all scanned their systems for the Russian anti-virus and drafted plans to replace it.
The federal government has completed the first two phases of a three-part plan to scrub itself of a Russian anti-virus that intelligence officials say could be a conduit for Kremlin hacking, a Homeland Security Department official told Nextgov Tuesday.
That means agencies have scanned all of their networks for the Kaspersky Lab anti-virus and drawn up plans for how to turn off and replace the anti-virus if it was found.
About six small agencies missed an October deadline for phase one of the removal—scanning their systems for Kaspersky—because they didn’t have the resources to do the scanning themselves, Assistant Secretary Jeanette Manfra told lawmakers earlier this month.
Since then, Homeland Security has helped those agencies scan their networks, Manfra told Nextgov on the sidelines of a cybersecurity conference hosted by the publication Fifth Domain.
All agencies have also met a Nov. 19 deadline to draw up detailed plans for how they’ll remove the Kaspersky anti-virus and replace it.
“We’re 100 percent on the first two phases,” Manfra said.
Agencies are required to begin removing Kaspersky by Dec. 19, according to Homeland Security’s binding operational directive, but many have already begun the process, according to Manfra and White House Cybersecurity Coordinator Rob Joyce.
Many national security-focused departments and agencies, including Homeland Security and the Defense Department, wiped Kaspersky from their networks years ago when the U.S. Intelligence Community first became concerned about it.
That lag between when top national security agencies acted on their Kaspersky concerns and when they alerted the rest of government has drawn severe criticism from many lawmakers.
Homeland Security’s official explanation for the Kaspersky ban focuses on ties between Kaspersky executives and Kremlin officials and on a Russian law that compels some tech companies to assist the government when called upon.
The Wall Street Journal reported in early October that Russian hackers may have used security holes in Kaspersky to steal NSA hacking tools from a contractor’s personal laptop.
Kaspersky CEO Eugene Kaspersky has vehemently denied any nefarious links with the Russian government. If the company did assist Russian hacking, he said, it would quickly drive itself out of business.
The initial round of Kaspersky scans – which covered about 94 percent of federal agencies – found the Russian anti-virus in about 15 percent of those agencies. In most cases, those agencies didn’t purchase Kaspersky directly but as part of a larger software package, Manfra earlier told lawmakers.