A House science panel is requesting the Department of Homeland Security provide all documents related to its directive for all federal agencies departments to remove Kaspersky Lab software products from their systems, following concerns on the Russian-based company’s alleged ties to the Kremlin.
Chairman of the Science, Space and Technology (SST) Committee Lamar Smith (R-Texas) sent a letter Dec. 5 to Acting DHS Secretary Elaine Duke calling for all documents related to the binding operational directive issued in September be provided by Dec. 19.
“The federal government needs to leverage all resources to ensure that Kaspersky products on federal systems have been completely removed,” Smith wrote in his letter.
Smith sent an earlier letter in July to all 22 federal agencies detailing concerns on the potential for Kaspersky’s antivirus software to collect sensitive government information, which could then be shared with Russian intelligence officials under the country’s communication laws.
DHS then issued its directive in September giving federal agencies up to 90 days to remove Kaspersky products from their systems.
Jeanette Manfra, DHS assistant secretary for cyber security and communications, discussed preliminary findings on her department’s directive at a Nov. 14 SST Committee hearing. At the time, 94 percent of agencies had reported their findings to DHS and 13 percent of those had found some instance Kaspersky software on their systems.
Lamar is now requesting DHS provide all relevant information related to their binding operational directive, including a list of all agencies who have yet to submit their report or plans for removing the software and prevent future use of Kaspersky products.
DHS must also detail communications with Office of Management and Budget, any non-government or private sector party, and federal contractors related to the directive. Specifically, Lamar has requested documentation of discussions on the applicability of the directive to contractors and any potential timeline for non-governmental partners to remove the products.
Department officials must also present all communications between DHS and Kaspersky, including documents before the September directive.
Lamar has also requested another briefing from DHS representatives to update the committee as soon as possible, but no later than Dec. 19.
“The Committee’s investigation is consistent with its broader goal of uncovering all risks associated with Kaspersky. This includes identifying all necessary actions needed to eliminate the risk, even beyond the risk to federal systems,” wrote Smith in his letter.