US puts Russia's Kaspersky Lab on security risk list dominated by China
The U.S. placed internet-security provider AO Kaspersky Lab on a list of companies deemed a threat to national security, for the first time adding a Russian entity to a list dominated by Chinese telecommunications firms.
The Federal Communications Commission on Friday also added China Telecom (Americas) Corp, and China Mobile International USA Inc. to the list.
Once a company is on the list, federal subsidies can't be used to purchase its equipment or services.
The action is part of the FCC's efforts to “strengthen America's communications networks against national security threats,” Jessica Rosenworcel, the agency's chairwoman, said in a news release. She earlier warned of possible cyber attacks following Russia's invasion of Ukraine.
Kaspersky is a well known provider of anti-virus software, and has conducted investigations into a range of nation-state hacking incidents. It calls itself the world's largest privately-owned cybersecurity company on its website. It says it protects more than 400 million users and 240,000 companies.
The company in a statement said it was “disappointed” with the FCC's action, calling it “a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky's products and services.”
“Kaspersky will continue to assure its partners and customers on the quality and integrity of its products,” the company said.
The U.S. government in 2017 banned use of Kaspersky software in federal information systems, citing concerns about the Moscow-based security firm's links to the Russian government and espionage efforts.
A White House official in 2017 said having Kaspersky software on U.S. networks presented “an unacceptable risk” mainly because Russian law requires the company to collaborate with its main spy agency, the FSB.
The FCC on Friday said the 2017 action persuaded it that “Kaspersky-branded products pose an unacceptable risk to the national security” of the U.S.
The FCC has been increasing its focus on Russian telecommunications since Russia invaded Ukraine in February. On Feb. 25, Rosenworcel proposed an inquiry into the vulnerabilities of the internet's global routing system, in light of cyberthreats stemming from the war.
On March 16 Rosenworcel said the agency had completed a review of Russian interests in U.S. communications networks, and shared findings with national security officials. She didn't provide details.
For Friday's update of the list, the FCC said it relied on findings by the Department of Homeland Security and an executive branch interagency body called the Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector.
Homeland Security in 2017 had cited “risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems.”
Kaspersky at the time denied “inappropriate ties with any government” and criticized the U.S. decision as “based on false allegations and inaccurate assumptions, including claims about the impact of Russian regulations and policies.”
The FCC last year placed five Chinese companies on the list. They were Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Zhejiang Dahua Technology Co.
The Chinese companies placed on the list Friday were earlier barred from the U.S. market by the FCC. The FCC in an October vote ejected China Telecom, and the agency citing security concerns in 2019 rejected China Mobile's bid to provide telephone service.