The U.S. Federal Communications Commission has deemed all products and services from the Russia-based cybersecurity firm Kaspersky an “unacceptable risk to national security.”
According to the FCC’s release, the move comes in an effort to uphold 2019’s Secure and Trusted Communications Networks Act, which requires the agency to publish a list that details any communications equipment or services which may present a risk to national security.
The FCC published its so-called “Covered List” for the first time in March 2021, when it named Chinese companies Huawei, ZTE, Hytera Communications, Hikvision, and Dahua. With this year’s update, the full list only names eight companies that pose such risk, and Kaspersky is the only one based in Russia.
The company’s inclusion on the list means it is banned from receiving support from the FCC’s Universal Service Fund. According to Reuters, the $8 billion fund is used to maintain communications services in rural areas and for low income users and facilities.
Kaspersky’s arrival on the Covered List this year follows a 2017 directive barring the company’s flagship antivirus product on federal computer systems. More recently, the FCC’s move subsequently spurred bug bounty platform HackerOne to indefinitely suspend Kaspersky from using its services, as announced on Twitter.
Kaspersky has maintained that such federal action against its services is unconstitutional, claiming both the initial 2017 prohibition and this year’s Covered List designation to be be based not on actual evidence against the company, but rather political motivations. That’s the position the company took in a statement to Bleeping Computer earlier this week.
“Kaspersky maintains that the U.S. Government’s 2017 prohibitions on federal entities and federal contractors from using Kaspersky products and services were unconstitutional,” the statement reads. It goes on to note that the FCC’s latest update to the Covered List is flawed because, the company maintains, there’s been “public evidence” to justify the 2017 move, which is also referenced in the FCC’s announcement.
“This decision is not based on any technical assessment of Kaspersky products – that the company continuously advocates for – but instead is being made on political grounds.”