Government agencies’ use of Kaspersky Labs products subject of congressional inquiry

U.S. Rep. Lamar Smith (R-TX) requested information this week about how many government agencies have complied with a Department of Homeland Security (DHS) directive to identify Kaspersky Labs software on government computers and to plan for its removal.

DHS Binding Operational Directive (BOD) 17-01 in September. It ordered all agencies to identify Kaspersky Labs software on government computers and to document plans of action to replace the software within 60 days.

Smith, the chairman of the House Science, Space and Technology Committee, convened a series of hearings in October that explored risks posed by Kaspersky Labs to government computers and a federal purchasing platform used by the General Services Administration (GSA).

In a letter sent on Tuesday, Smith requested information from DHS about how many federal agencies had complied with BOD 17-01.

“While it is necessary to ensure these departments and agencies are taking the appropriate steps to remove this risk, we are also interested in proactive steps and coordination among federal agencies and departments,” the letter stated. “The federal government needs to leverage all resources to ensure that Kaspersky products on federal systems have been completely removed. The committee’s investigation is consistent with its broader goal of uncovering all risks associated with Kaspersky. This includes identifying all necessary actions needed to eliminate the risk, even beyond the risk to federal systems.”

Smith requested a complete list of agencies and departments that have and have not submitted plans of action. He also sought documents and communications pertaining to any DHS decisions not to enforce full compliance with BOD 17-0 and a complete list of departments that have identified the use of Kaspersky products.