Trump signs bill barring US government use of Kaspersky

The antivirus software has been prohibited on US government networks due to concerns of Russian government influence.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
2 min read
Kaspersky Lab headquarters in Moscow
Vyacheslav Prokofyev/Tass via Getty Images

It's now against the law for the US government to use Kaspersky Lab software.

A ban on the antivirus firm's products was included in the 2018 National Defense Authorization Act, a sweeping defense policy bill signed into law by President Donald Trump on Tuesday. The prohibition, reinforcing a directive issued by the Trump Administration in September, comes amid concern the Moscow-based company might be vulnerable to Russian government influence.  

Cybersecurity has become a hot topic in Washington as concerns have mounted over email leaks during the 2016 presidential election campaign and reports of Russian online meddling, as well as breaches at government agencies and in the business world. In May, President Trump signed an executive order on cybersecurity that calls for US government agencies to modernize and strengthen their computer systems.

"Considering the grave risk that Kaspersky Lab poses to our national security, it's necessary that the current directive to remove Kaspersky Lab software from government computers be broadened and reinforced by statute," Democratic Sen. Jeanne Shaheen, who led efforts to remove the software from government computers, said in a statement. "The case against Kaspersky is well-documented and deeply concerning. This law is long overdue."

Kaspersky Lab, which has repeatedly denied the allegations, said in a statement it continues to have "serious concerns" about the law "due to its geographic-specific approach to cybersecurity.

"Congress singled out Kaspersky Lab based solely on the location of its headquarters, resulting in substantial and irreparable harm to the company, its US-based employees, and its US-based business partners," the company said. "Kaspersky Lab is assessing whether any further action is appropriate to protect its interests."

In September, the Department of Homeland Security issued a binding directive ordering all federal departments and agencies to remove Kaspersky Lab products from government computers, saying it was "concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks."

First published Dec. 12 at 7:57 p.m. PT.
Update, 8:30 a.m. PT:
Adds Kaspersky statement.

Special Reports: All of CNET's most in-depth features in one easy spot.

It's Complicated: This is dating in the age of apps. Having fun yet? These stories get to the heart of the matter.