The House Science Committee is pushing the Department of Homeland Security (DHS) to reveal which agencies have not fully complied with deadlines in a broad effort to identify and remove all Kaspersky Lab products.
Lawmakers fear that Russian intelligence agencies have co-opted the Moscow-based firm’s products in espionage operations. DHS ordered all agencies on Sept. 19 to identify Kaspersky products on their systems and develop a plan to remove them within 60 days.
“The federal government needs to leverage all resources to ensure that Kaspersky products on federal systems have been completely removed,” members of the committee wrote in a letter sent Wednesday asking DHS which agencies have yet to identify the software or plan to remove it.
A DHS representative had testified at a Science Committee hearing Nov. 14 that the vast majority of agencies were compliant with the directive, though some smaller agencies without the resources to search for Kaspersky products were unable to meet the deadline.
Those agencies were receiving DHS help to identify and plan the removal of Kaspersky products, the official said.
Kaspersky has denied taking part in any nation’s intelligence operations, including Russia’s. But press reports have revealed at least one major incident showing witting or unwitting involvement.
In one widely reported incident, Russian spies are said to have used Kaspersky Antivirus’s file scanning capabilities to identify and steal classified hacking tools from a National Security Agency employee.
One factor foiling agencies efforts to identify Kaspersky products is that the company’s popular antivirus software often comes preloaded on computers. While agencies typically add agency-approved software to systems, sometimes they did not remove the preloaded software.
The United Kingdom followed suit with the U.S. decision last week, barring Kaspersky software from its systems as well.