FCC blacklists Kaspersky for posing an 'unacceptable risk to the national security of the US'
The Federal Communications Commission has added Kaspersky to its blacklist in a move that has been branded as political. The FCC says that the Russian security firm has been "deemed to pose an unacceptable risk to the national security of the United States or the security and safety of United States persons".
What this means in practice is that Kaspersky is ineligible to receive FCC funding, joining companies such as Huawei and ZTE. Kaspersky has also been sanctioned by HackerOne, with its bug bounty program being indefinitely suspended.
- Mozilla sets out its vision of the web of the future
- After tests, Microsoft has decided to add the 'System requirements not met' watermark to Windows 11
- Microsoft confirms it was hacked as Lapsus$ leaks 37GB of source code
Announcing the addition of Kaspersky to its Covered List, the FCC said: "A Binding Operational Directive (BOD), issued by the Department of Homeland Security and published in the Federal Register on September 11, 2017, required certain federal agencies to remove 'Kaspersky-branded products' from federal information systems. More specifically, the BOD is a compulsory direction to federal, executive branch, departments and agencies for the purposes of safeguarding information and information systems; federal agencies are required to comply with BODs".
The BOD states that, in consultation with interagency partners, the Department of Homeland Security "determined that the risks presented by Kaspersky-branded products justify the issuance of this Binding Operational Directive". Based on the required actions by federal agencies in response to the threats identified in the BOD, we interpret the BOD to be a finding from the Department of Homeland Security that Kaspersky-branded products pose an unacceptable risk to the national security of the United States.
Further, by requiring federal agencies to remove Kaspersky-branded products we find that the Department of Homeland Security has determined that its products are capable of posing an unacceptable risk to the national security of the United States and its people.
Also added to the list were China Mobile and China Telecom.
FCC Commissioner Brendan Carr said of the decision:
The FCC's decision to add these three entities to our Covered List is welcome news. The FCC plays a critical role in securing our nation’s communications networks, and keeping our Covered List up to date is an important tool we have at our disposal to do just that. In particular, I am pleased that our national security agencies agreed with my assessment that China Mobile and China Telecom appeared to meet the threshold necessary to add these entities to our list. Their addition, as well as Kaspersky Labs, will help secure our networks from threats posed by Chinese and Russian state backed entities seeking to engage in espionage and otherwise harm America's interests.
Kaspersky is understandably unhappy with the developments and issued a statement in reponse:
Kaspersky is disappointed with the decision by the Federal Communications Commission to prohibit certain telecommunications-related federal subsidies from being used to purchase Kaspersky products and services. This decision is not based on any technical assessment of Kaspersky products -- that the company continuously advocates for -- but instead is being made on political grounds.