DHS won’t provide information about a government ban on the Russian antivirus until litigation with the company is complete.
The House Science Committee might subpoena documents about how the government is complying with a ban on products from the Russian antivirus firm Kaspersky Lab if the Homeland Security Department doesn’t turn them over quickly, the chairman said Thursday.
The committee originally requested those documents in December, two months after Homeland Security ordered government agencies to remove any trace of Kaspersky software from their systems, citing security concerns.
The government’s overriding concern was that Russian intelligence agencies might gain access to U.S. government information through Kaspersky software, either with or without the company’s knowledge or consent.
Homeland Security provided the first tranche of information Jan. 8, according to the letter from Chairman Lamar Smith, R-Texas, but the department later told committee staff it couldn’t provide more information until a lawsuit Kaspersky filed against the department is concluded.
That lawsuit shouldn’t preclude the department from sharing information with Congress, though, Smith argues in his letter to Secretary Kirstjen Nielsen.
“As you know, Congress requires full and uninhibited access to information to ensure that it can effectively carry out its duty to identify shortcomings and areas for improvement within the federal government,” Smith said in the letter.
Smith gave Nielsen until Feb. 8 to provide all the requested information, which includes lists of agencies that found Kaspersky on their systems and agencies that haven’t shared requested information with Homeland Security.
Tech officials found instances of Kaspersky at about 15 percent of federal agencies during the first phase of implementing the ban, a top Homeland Security official told Congress. In general, the Russian antivirus was most common at smaller agencies and bureaus that were not managed by central information technology staff, officials have said.
All those agencies should now be at the point of actively removing Kaspersky from their systems and replacing it with an alternative antivirus.
Antivirus is among the most powerful types of software with broad authority to examine a user’s files and to quarantine or remove those files if they might be infected with malware. That makes it a particularly attractive target for foreign hackers looking to gain a foothold in U.S. government systems.
Reports that Kaspersky antivirus might be compromised by the Russian government spread widely for years before the Homeland Security ban.
Kaspersky Lab, which is among the world’s largest antivirus providers, has consistently denied any collusion with the Russian government.
The company sued the government in December and demanded an immediate halt to the ban. The government’s response to that ban and a motion to dismiss the case are due Monday.