The Trump administration has decided to remove one of the world’s biggest and most-respected cybersecurity firms from the U.S. government’s list of companies whose products are approved for use on federal systems, according to U.S. officials.
The decision comes as the Moscow-based company, Kaspersky Lab, faces increasing scrutiny from U.S. officials over alleged ties to Russian intelligence services.
The government list — known as a schedule — is maintained by the General Services Administration, and GSA “made the decision to remove Kaspersky Lab-manufactured products” after “review and careful consideration,” a GSA spokeswoman said in a statement to ABC News.
“GSA’s priorities are to ensure the integrity and security of U.S. government systems and networks and evaluate products and services available on our contracts using supply chain risk management processes,” the statement added.
Removing Kaspersky Lab from the General Services Administration’s (GSA) list would likely affect only future contracts, ABC News was told.
As of Tuesday evening, Kaspersky Lab had not been notified of the decision, according to a company spokeswoman.
For weeks, the White House, the Department of Homeland Security, the GSA and other federal agencies conducted an interagency review of the matter, sources said. And ABC News reported earlier today that the Trump administration was considering such a move.
The final decision to remove Kaspersky Lab from the GSA schedule marks the most significant and far-reaching response yet to concerns among U.S. officials that Russian intelligence services could try to exploit Kaspersky Lab’s anti-virus software to steal and manipulate users’ files, read private emails or attack critical infrastructure in the United States.
The company has repeatedly insisted it poses no threat to U.S. customers and would never allow itself to be used as a tool of the Russian government.
Kaspersky Lab’s CEO, Eugene Kaspersky, recently said any concerns about his company are based in “ungrounded speculation and all sorts of other made-up things,” adding that he and his company “have no ties to any government, and we have never helped nor will help any government in the world with their cyberespionage efforts.”
Nevertheless, the FBI has been pressing ahead with a long-running counterintelligence probe of the company, and in June, FBI agents interviewed about a dozen U.S.-based Kaspersky Lab employees at their homes, ABC News was told.
In addition, as ABC News reported in May, the Department of Homeland Security issued in February a secret report on the matter to other government agencies. And three months ago, the Senate Intelligence Committee sent a secret memorandum to Director of National Intelligence Dan Coats and Attorney General Jeff Sessions demanding that the Trump administration address “this important national security issue.”
Despite all the private expressions of concern, the issue was first brought into public view only recently by key members of the Senate Intelligence Committee, who began asking questions about Kaspersky Lab during hearings covering global threats to national security.
Lawmakers and other U.S. officials point to Kaspersky Lab executives with previous ties to Russian intelligence and military agencies as reason for concern.
Three weeks ago, Sen. Jeanne Shaheen, D-N.H., took legislative steps to bar the U.S. military from using Kaspersky Lab products.
In a statement Tuesday, she said she was “encouraged” to hear that the Trump administration was potentially “delisting Kaspersky software for use in the federal government.”
She called it a “wise precaution” that “would work in concert with my [efforts].”
Eugene Kaspersky, however, called those efforts “an extreme new measure.”
“Kaspersky Lab is facing one of the most serious challenges to its business yet, given that members of the U.S. government wrongly believe the company or I or both are somehow tied to the Russian government,” he recently wrote on his blog. “Basically, it seems that because I’m a self-made entrepreneur who, due to my age and nationality, inevitably was educated during the Soviet era in Russia, they mistakenly conclude my company and I must be bosom buddies with the Russian intelligence agencies … Yes, it is that absurdly ridiculous.”
U.S. officials have yet to publicly present any evidence indicating concerning links between Kaspersky Lab employees and elements of the Russian government.
“Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations,” the company said in a statement today. “Kaspersky Lab, a private company, seems to be caught in the middle of a geopolitical fight where each side is attempting to use the company as a pawn in their political game.”
But one senior U.S. intelligence official said the fact that the U.S. government was considering the drastic step of removing Kaspersky Lab from the GSA’s list of approved vendors shows that such concerns are “nontrivial.”
A company lands on the list after hammering out deals with the GSA, which uses “the government’s buying power to negotiate discounted pricing,” according to the GSA.
Hundreds of “federal customers” and, in some cases, state and local governments can then purchase the company’s products without having to each negotiate their own prices, the GSA said in a 2015 brochure about its operations.
“The buying process is simplified because GSA has completed the bulk of the procurement process on behalf of government buyers,” the brochure added.
As of a few years ago, the information technology portion of the GSA schedule accounted for more than $14 billion of the federal budget, the brochure said.
An ABC News investigation earlier this year found that — largely through outside vendors — Kaspersky Lab software has been procured by many federal agencies, including the Bureau of Prisons and some segments of the Defense Department.
Kaspersky Lab products are also used in countless American homes and in state and local agencies across the country.
“Kaspersky Lab continues to be available to assist all concerned government organizations with any investigations, and the company ardently believes a deeper examination of Kaspersky Lab will confirm that these allegations are unfounded,” the company said in its statement today.