President Donald Trump has signed a bill into law on Tuesday that also includes a clause that officially bans the use of Kaspersky products on US federal government computers.
The prohibition is detailed in section 1634 of the National Defense Authorization Act for Fiscal Year 2018.
SEC. 1634. Prohibition on use of products and services developed or provided by Kaspersky Lab.
(a) Prohibition.—No department, agency, organization, or other element of the Federal Government may use, whether directly or through work with or on behalf of another department, agency, organization, or element of the Federal Government, any hardware, software, or services developed or provided, in whole or in part, by—
(1) Kaspersky Lab (or any successor entity);
(2) any entity that controls, is controlled by, or is under common control with Kaspersky Lab; or
(3) any entity of which Kaspersky Lab has majority ownership.
(b) Effective date.—The prohibition in subsection (a) shall take effect on October 1, 2018.
The bill comes after in September, the DHS also issued a Binding Operational Directive that banned the use of Kaspersky software on the Department of Defense (DOD) computer network. The 2018 National Defense Authorization Act will apply to all government computer networks, not just the DOD.
UK's NCSC, a branch of the UK Government Communications Headquarters (GCHQ), the country's official intelligence and security agency, has also issued an advisory instructing the public and private sector not to use Kaspersky Labs software if they handle classified information.
US government convinced Kaspersky is to blame
The ban on Kaspersky software comes after the US government has accused the Russian antivirus vendor of working with Russian secret services to steal classified data from US computers using its product.
The US government never published any evidence to sustain its claims, all of which became public only through leaks to the US press.
Kaspersky denied all allegations and, in a report, claimed that US secrets might have been exposed online after an NSA employee took classified files home and stored them on a computer infected with other malware families.
The US Department of Justice charged a former NSA employee with taking classified documents home at the start of December, but it appears they still believe the files probably made it into FSB hands via Kaspersky, rather than the Russian cyber-criminal underground, which is known to have close ties to FSB operatives.