The top Democrat on the House Homeland Security Committee is pressing the Department of Homeland Security to provide an updated account of the federal agencies that have complied with the ban on Kaspersky Lab software.
In a letter sent earlier this month, Rep. Bennie Thompson (D-Miss.) asked Secretary Kirstjen Nielsen to disclose the specific percentage of agencies that have complied with the Kaspersky directive issued by the department in September.
Kaspersky, which is headquartered in Moscow and serves customers around the globe, has attracted significant attention in Washington as a result of allegations over ties to the Russian government. The company has long maintained that it operates independently.
On Sept. 13, Homeland Security issued a public directive ordering federal agencies to remove Kaspersky software from their systems within three months. The department cited “the risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems,” but provided no underlying evidence to support its conclusions.
The Wall Street Journal reported subsequently that Russian hackers had used Kaspersky software in 2015 to target a National Security Agency contractor and steal classified national security secrets.
{mosads}
In his letter, Thompson accused Homeland Security officials of sending “unclear messages” about the progress made on the directive and understanding the threat.
“I am hoping to clarify these recent statements to understand the schedule for removing Kaspersky products, what insight DHS has been able to gain from a closer examination of agency networks, and whether DHS has a plan to resolve security threats that remain,” Thompson wrote.
He cited questions for Homeland Security raised by the House Science, Space and Technology Committee in connection with its oversight investigation of Kaspersky. That committee sent a list of questions to Homeland Security last month, including asking for an accounting of the agencies that had identified Kaspersky software on their systems.
Christopher Krebs, the acting undersecretary for the department’s National Protection and Programs Directorate, reported in mid-December that agencies were ahead of schedule in implementing the ban.
Democrats and Republicans have voiced support for the ban, which came amid intense scrutiny surrounding Russian hacking and interference in the 2016 presidential election.
Meanwhile, Kaspersky has vowed to challenge the ban, filing an injunction last week accusing Homeland Security of not providing advanced notice or offering the company the opportunity to contest the purported evidence supporting the directive.
At the time of the directive, Elaine Duke was helming the department in an acting capacity. President Trump has since selected Nielsen to permanently succeed John Kelly, who is now his chief of staff, as Homeland Security secretary.
Nielsen is widely cheered as a cyber expert and is expected to make cybersecurity a high priority in her leadership role.
In his letter, Thompson relayed a number of questions on Kaspersky to the new secretary, including whether the ban will also extend to government contractors. He also asked the department whether it has turned up evidence of Kaspersky-related breaches at federal agencies.