Compliance Risks And Required Actions

The United States Government has recently banned Kaspersky antivirus software. The Commerce Department’s prohibition has sent shockwaves through the cybersecurity community, raising critical compliance concerns and demanding swift action from IT infrastructure leaders in the US.

The Biden administration's plans were announced on June 20, 2024, and affect Kaspersky Lab, Inc., its affiliates, subsidiaries, and parent companies.

The action alleges “undue or unacceptable national security risk,” and as a consequence, the company will no longer be able to sell its software within the United States or provide updates to software already in use.

Kaspersky ban in US: What happened?

The Biden administration, escalating its crackdown on cybersecurity threats, has officially banned the sale and update of all antivirus software products from the Russian firm Kaspersky.

This significant policy shift was announced by Commerce Secretary Gina Raimondo on June 20, 2024, citing deep-seated national security concerns that Kaspersky might collect and weaponize sensitive U.S. information.

Starting September 29, 2024, it will be illegal to sell Kaspersky products in the United States or to provide updates to any existing installations, effectively freezing the company’s operations within the country.

The US ban on Kaspersky, Inc. makes it illegal to sell or update Kaspersky products starting on September 29, 2024.

Further compounding Kaspersky’s challenges, the U.S. Department of Commerce has also added three entities affiliated with Kaspersky — two in Russia and one in the UK — to the Entity List.

This action reflects the administration’s assertion that these units have engaged in activities that compromise or threaten U.S. national security, particularly through alleged collaborations with Russian military intelligence.

Eugene Kaspersky, the founder of Kaspersky Lab, has faced scrutiny over national security risks associated with his company’s software, including allegations of leaking private information and ties to the Russian government.

The Commerce Department’s actions are grounded in the perception that Kaspersky’s operations could be influenced or directly controlled by the Russian government, thereby posing an unacceptable risk to the security of U.S. infrastructures.

In a firm rebuttal, Kaspersky has denied any wrongdoing or ties to the Russian government and has vowed to challenge these restrictions through all available legal avenues.

This ban is not the first action taken against Kaspersky; the U.S. Department of Homeland Security had already prohibited the use of Kaspersky’s flagship antivirus products in federal networks back in 2017, citing similar security concerns.

The impact of this new ban extends beyond the federal level, urging all U.S. citizens and businesses to discontinue their use of Kaspersky products and to transition to alternative providers to safeguard against potential security breaches and ensure compliance with national security directives.

Implications of the use of Kaspersky software for US companies

The recent ban on Kaspersky antivirus software places stringent demands on U.S. companies, aligning them with a comprehensive framework designed to safeguard national security interests.

This prohibition also scrutinizes the company’s activities, including roles such as Chief Operating Officer and Chief Business Development Officer. Governed by the Department of Commerce’s Bureau of Industry and Security (BIS), the implications extend through the realms of Export Administration Regulations (EAR) and beyond.

Existing customers of Kaspersky are allowed to receive software and antivirus updates until September 29, after which they are encouraged to transition to new security solutions to protect their data and privacy.

As of June 2024, Kaspersky.com receives over 750,000 visits from US users, according to traffic intelligence company Semrush. This is a 50% decrease from its peak in January 2023. Additionally, it is reported that its brand (including “Kaspersky,” “Kapersky,” and other common typos) is searched over 70,000 times a month.

Laws and regulations impacting compliance

The EAR specifically includes the Entity List and enforces conditions under which U.S. companies must operate. These regulations mandate that before exporting, re-exporting, or transferring listed items, companies must obtain specific licenses.

This ensures that sensitive technologies do not inadvertently benefit entities that could pose a national security threat. The Russian government’s influence over Russian companies like Kaspersky presents significant risks to U.S. national security.

Furthermore, the National Defense Authorization Act (NDAA), under Section 889, prohibits federal agencies from dealing with any entity that uses telecommunications and surveillance equipment produced by listed entities. The Federal Acquisition Regulation (FAR) complements this by guiding federal procurement processes to avoid contracts with these entities, thereby reinforcing the NDAA’s stipulations. Intelligence authorities played a crucial role in the decision to ban Kaspersky due to these national security concerns.

Additionally, the Cybersecurity Information Sharing Act (CISA) plays a pivotal role by promoting the exchange of cybersecurity threat information, which might include interactions involving listed entities. The Commerce Department and its affiliated companies are actively involved in regulatory actions to ensure compliance and mitigate risks across various industries. These industries include Technology and Telecommunications, Defense and Aerospace, Semiconductors and Electronics, Energy and Utilities, Healthcare and Pharmaceuticals, and Financial Services.

The United States faces national security risks from potential exploitation by companies like Kaspersky, which could lead to data theft, espionage, and system malfunctions.

Companies are navigating compliance by implementing vendor screening, securing licenses, establishing internal controls, and conducting regular training sessions to ensure adherence to regulations.

As companies transition away from Kaspersky software to comply with federal regulations, reputable cybersecurity vendors like Malwarebytes, Trend Micro, McAfee, Sophos, Microsoft, Avast, AVG Technologies, ESET, CrowdStrike, Symantec, Bitdefender, SentinelOne, Cylance Inc., and Support.com offer viable alternatives.

The United States has banned Kaspersky software, starting on September 29, 2024. Other countries have also expressed concerns about the security risks posed by Kaspersky and have taken measures to limit or ban its usage.

Unfortunately, starting September 29, 2024, all Kaspersky products and updates have been banned in the entire country. This decision has been made in the interest of national security and data protection. We urge all users to uninstall any Kaspersky software immediately and seek alternative cybersecurity solutions to safeguard your information. Your online safety is our top priority, and we are committed to ensuring a secure digital environment for all citizens. Thank you for your cooperation in this matter.
