Kaspersky anti-virus removed from two GSA Schedules

Kaspersky Anti-Virus (AV) has been removed from two GSA (Government Services Administration) schedules, due to concerns that the Kremlin may use Kaspersky products to compromise US Government computers.

A commonly used anti-virus product has been banned for purchase by any U.S. Government agencies which use GSA schedules 67 and 70.  While the US government has not yet banned Kaspersky products already purchased, or those purchased outside the GSA schedule, the Senate version of the 2018 defense bill places a blanket ban on Kaspersky products.  This bill has not yet been passed.   Many government and private organizations receiving funding from the U.S. or state governments are required to make such purchases via the GSA schedule.

IMPACT

This ban limits the further acquisition of Kaspersky AV by those organizations required to follow GSA.  However, many organizations may already have this product entrenched within their infrastructure.  Still, organizations which are not required to adhere to the GSA schedule may decide to follow suit with the GSA’s ban on Kaspersky AV.  Organizations may have many questions on how to move forward.

Recommendations

Tactical
Hold tight.  There is a significant amount of posturing and saber-rattling on the geopolitical stage at the moment.  A number of independent research organizations are currently examining Kaspersky’s software, and reports should be forthcoming.
Strategic
InGuardians recommends that organizations not rely on solely one vendor’s solutions for security products.  Organizations should evaluate multiple providers and select only those with which they can form a trusted relationship. In the event that trusted relationship becomes compromised, the organizations should have plans for contingencies which enable the removal and selection of a new vendor without losing coverage.  Most of our clients favor endpoint protection, in addition to the layered application and network defenses, over traditional anti-virus.

Additional Resources

http://thehill.com/policy/cybersecurity/341665-trump-admin-removes-russian-cyber-firm-from-approved-list

https://arstechnica.com/security/2017/07/kaspersky-denies-inappropriate-ties-with-russian-govt-after-bloomberg-story/