Kaspersky is Off All Federal Networks but Remains on Contractor Systems

Kaspersky Lab anti-virus has been scrubbed from all federal government computer systems, Sen. Jeanne Shaheen, D-N.H., confirmed Tuesday.

The Russian software remains on some contractor systems, Homeland Security Secretary Kirstjen Nielsen said during testimony before the Senate Appropriations Committee’s Homeland Security panel, but the effort to remove it is “pretty advanced.”

Homeland Security’s top cyber official, Jeanette Manfra, earlier disclosed that agencies were all in compliance with an October directive mandating the removal of Kaspersky software, but stopped short of saying the removal was complete.

The order to remove Kaspersky from contractor systems was included in an annual defense policy bill, the National Defense Authorization Act, which became law in December, two months after the Homeland Security ban.

Both efforts stem from concerns the anti-virus company is too closely tied to the Kremlin and that Russian laws could force Kaspersky to cooperate with Russian spying efforts.

Kaspersky, which is suing the U.S. government over the ban, has consistently denied those charges.

Many federal contractors that have removed Kaspersky or are in the process of doing so were unaware that the anti-virus was included in their supply chains or running in their products, Nielsen said.

Homeland Security is working with federal agencies to “be more forward pushing” in imposing consequences on contractors that have not removed Kaspersky, she said.

Nielsen tied the effort to remove Kaspersky from federal systems with a broader Homeland Security effort to include cybersecurity concerns in the acquisition process.

In the future, “It has to be that we can pause and turn off contracts the moment we have a concern that someone’s been hacked, if someone’s vulnerable or if someone’s using software that we know will put us at risk,” she said.

The House version of this year’s National Defense Authorization Act would similarly ban the Chinese telecoms Huawei and ZTE from federal networks, along with any contractors that partner with those companies or include them in their supply chains.