Lawmakers seek answers on agencies' use of Kaspersky tech


A key House panel wants federal agencies turn over any records related to the use of an anti-virus software program supplied by Russian cybersecurity firm Kaspersky Lab.

The software was recently removed from federal acquisition vehicles operated by the General Services Administration and NASA.

Rep. Lamar Smith (R-Texas), chairman of the House Science, Space and Technology Committee, sent a letter to 23 cabinet agencies and departments on July 27, following media reports and comments from law enforcement and intelligence officials questioning whether Kaspersky Lab presents a security risk due to its alleged close relationship to the Russian government.

"Given the increasing prevalence of cybersecurity threats across the nation, the federal government's use of cybersecurity products manufactured by a firm with potential ties to the Russian government is concerning to Congress," Smith wrote.

The committee is asking agencies for any documents related to their use of Kaspersky Lab products, including the purchase, evaluation, implementation and any associated hardware that may have used the vendor's software. Because most anti-virus software operates at the system level and is typically not monitored by other security systems, lawmakers are concerned that a compromised anti-virus system could build or embed backdoors into government IT systems while avoiding detection.

The letter continues: "The Committee is concerned that Kaspersky Lab is susceptible to manipulation by the Russian government, and that its products could be used as a tool for espionage, sabotage or other nefarious activities against the United States."

To date, the government has yet to publicly offer up any concrete evidence that Kaspersky Lab products are compromised or working with Russian intelligence agencies to undermine U.S. system, but during an open Senate Intelligence Committee hearing in May, several U.S. intelligence officials raised concern about using the company’s software. Until recently, Kaspersky Lab was listed as a preapproved vendor on the GSA's Schedule 70 contract and available to most government agencies. However, the firm was removed from the list earlier this month following a review by the White House, the GSA and intelligence agencies.

On July 11, Bloomberg BusinessWeek published a story claiming that internal email communications between CEO Eugene Kaspersky and his staff reveal that the company “has maintained a much closer working relationship with Russia’s main intelligence agency … than it has publicly admitted."

In response, the company has vigorously disputed the allegations in Bloomberg's reporting, blaming hysteria related to the current investigation into whether Russia hacked the Democratic National Committee’s email system in an attempt to influence the 2016 election. The company published a press release the same day listing nine "inaccurate statements" in the article, including the email chain that purports to show a close and potential inappropriate relationship with the FSB.

"Actually, the reported emails show no such link, as the communication was misinterpreted or manipulated to try to make the media outlet’s narrative work," the release stated. "Kaspersky Lab is very public about the fact that it assists law enforcement agencies around the world with fighting cyber threats, including those in Russia, by providing cybersecurity expertise on malware and cyberattacks."

Kaspersky stated on Twitter that the story is "BS brewed on [a] political agenda," and is worried that the allegations could harm the company’s U.S. business sales.

"As far as the publicly available facts are concerned, it’s still difficult to determine if Kaspersky is a bad actor or an innocent bystander in a broader geopolitical squabble," said Trevor Rudolph, a former White House cybersecurity official under the Obama administration, in an email to FCW. "I don't think there’s any doubting that the reputational damage to Kaspersky could be severe."

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.