Lawmakers seek answers on agencies' use of Kaspersky tech


A key House panel wants federal agencies turn over any records related to the use of an anti-virus software program supplied by Russian cybersecurity firm Kaspersky Lab.

The software was recently removed from federal acquisition vehicles operated by the General Services Administration and NASA.

Rep. Lamar Smith (R-Texas), chairman of the House Science, Space and Technology Committee, sent a letter to 23 cabinet agencies and departments on July 27, following media reports and comments from law enforcement and intelligence officials questioning whether Kaspersky Lab presents a security risk due to its alleged close relationship to the Russian government.

"Given the increasing prevalence of cybersecurity threats across the nation, the federal government's use of cybersecurity products manufactured by a firm with potential ties to the Russian government is concerning to Congress," Smith wrote.

The committee is asking agencies for any documents related to their use of Kaspersky Lab products, including the purchase, evaluation, implementation and any associated hardware that may have used the vendor's software. Because most anti-virus software operates at the system level and is typically not monitored by other security systems, lawmakers are concerned that a compromised anti-virus system could build or embed backdoors into government IT systems while avoiding detection.

The letter continues: "The Committee is concerned that Kaspersky Lab is susceptible to manipulation by the Russian government, and that its products could be used as a tool for espionage, sabotage or other nefarious activities against the United States."

To date, the government has yet to publicly offer up any concrete evidence that Kaspersky Lab products are compromised or working with Russian intelligence agencies to undermine U.S. system, but during an open Senate Intelligence Committee hearing in May, several U.S. intelligence officials raised concern about using the company’s software. Until recently, Kaspersky Lab was listed as a preapproved vendor on the GSA's Schedule 70 contract and available to most government agencies. However, the firm was removed from the list earlier this month following a review by the White House, the GSA and intelligence agencies.

On July 11, Bloomberg BusinessWeek published a story claiming that internal email communications between CEO Eugene Kaspersky and his staff reveal that the company “has maintained a much closer working relationship with Russia’s main intelligence agency … than it has publicly admitted."

In response, the company has vigorously disputed the allegations in Bloomberg's reporting, blaming hysteria related to the current investigation into whether Russia hacked the Democratic National Committee’s email system in an attempt to influence the 2016 election. The company published a press release the same day listing nine "inaccurate statements" in the article, including the email chain that purports to show a close and potential inappropriate relationship with the FSB.

"Actually, the reported emails show no such link, as the communication was misinterpreted or manipulated to try to make the media outlet’s narrative work," the release stated. "Kaspersky Lab is very public about the fact that it assists law enforcement agencies around the world with fighting cyber threats, including those in Russia, by providing cybersecurity expertise on malware and cyberattacks."

Kaspersky stated on Twitter that the story is "BS brewed on [a] political agenda," and is worried that the allegations could harm the company’s U.S. business sales.

"As far as the publicly available facts are concerned, it’s still difficult to determine if Kaspersky is a bad actor or an innocent bystander in a broader geopolitical squabble," said Trevor Rudolph, a former White House cybersecurity official under the Obama administration, in an email to FCW. "I don't think there’s any doubting that the reputational damage to Kaspersky could be severe."

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.