Cybersecurity

House committee plans multiple hearings on Kaspersky

The House Science, Space and Technology Committee is now planning to hold a series of hearings on software produced by Moscow-based Kaspersky Lab, The Hill has learned.

The detail comes in the wake of reports that the Russian government exploited the company’s antivirus software in an effort to spy on the United States, and signals an expansion of the congressional committee’s inquiry into the risk that Kaspersky software poses to U.S. information systems.

{mosads}The House Science, Space and Technology Committee initially planned to hold a hearing on Kaspersky on Sept. 27, an announcement that was made after the Department of Homeland Security (DHS) moved to bar federal agencies and departments from using the company’s products over potential national security concerns. Eugene Kaspersky, the company’s CEO, was initially slated to testify. 

Kaspersky, a multinational company with headquarters in Moscow, produces widely-lauded antivirus software and boasts over 400 million customers worldwide.

The committee postponed the initial hearing due to a scheduling conflict, and last week rescheduled it for Oct. 25. The committee is now planning multiple hearings, an aide told The Hill on Wednesday, and has not invited Kaspersky to testify on Oct. 25. 

“The witness list for the hearing on October 25 will change,” the committee spokesperson said. “The committee is now planning a series of hearings on this issue. The committee has not reached out to Mr. Kaspersky to testify on October 25.”

The revelation follows a New York Times report that Israeli intelligence officials tipped off the U.S. to an effort by Russian hackers to exploit Kaspersky software in order to search for U.S. government secrets. The Wall Street Journal reported last week that Russian hackers leveraged Kaspersky software in 2015 to pilfer classified National Security Agency materials from a government contractor who had moved the files to his personal computer.

The company has denied having any knowledge of the incidents.

Kaspersky has long fought speculation in the media that the company has ties to Russian intelligence. Still, the U.S. government has produced no public evidence showing that the company has been, knowingly or unknowingly, compromised by the Russian government.

In response to the New York Times report, Kaspersky said Wednesday that the company “was not involved in and does not possess any knowledge of the situation in question.”

In September, DHS issued a public directive ordering federal agencies and departments to remove Kaspersky software from their information systems. 

“The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks,” Homeland Security said in a statement on Sept. 13.

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” the department said.