© 2024 Ideastream Public Media

1375 Euclid Avenue, Cleveland, Ohio 44115
(216) 916-6100 | (877) 399-3307

WKSU is a public media service licensed to Kent State University and operated by Ideastream Public Media.
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

U.S. announces ban on antivirus software from a Russia-based cybersecurity company

LEILA FADEL, HOST:

The Biden administration is banning antivirus software made by a company based in Russia. Kaspersky Lab is a big maker of products used to protect computers from malicious software. The new ban represents the first time the Commerce Department has used new powers to regulate tech transactions between the U.S. and foreign adversaries. We turn now to Liz Cannon. She leads the department's Office of Information and Communications Technology and Services. Good morning, and welcome to the program.

LIZ CANNON: Good morning, Leila. Thanks for having me.

FADEL: Thank you for being here. So the government has been wary of this company for a while. Why was this decision to ban its products completely made now?

CANNON: Yeah. You are correct. The company, Kaspersky, has certainly been on the government's radar for a number of years. In fact, in 2017, it was banned from federal computer systems. You know, frankly, it is the case that the threat hasn't receded, and certainly, as we've seen malign activity from Russia in particular over the past couple of years, we felt that we needed to more broadly address this threat. And we now have this ICTS authority, through the Commerce Department, that allows us to address this commercial threat. So in the past, we were able to address the threat on federal systems. We now have the authority to take steps to help mitigate that threat in the commercial sector, so we've decided to do that, and we think this is a very important step for - you know, to help protect U.S. persons' personal data and their own personal systems.

FADEL: How does a decision like this get made? I mean, does a private company get labeled a national security threat just because it's based in a country like Russia or China?

CANNON: No. So what we've seen is - and what we actually describe in this final determination that we issued yesterday - we describe three particular risks. One is obviously the connection to the Russian government, the fact that Kaspersky is subject to the direction and control of the Russian government. But the other two are that Kaspersky's software gives the company essentially administrator access to the devices on which it operates, meaning that it can access all of the data on those devices. Separately, it can also inject malware, or it can choose to withhold critical updates to allow the Russian government potentially to exploit identified vulnerabilities. So it was really, you know, the combination of those three factors - the ties to the Russian government, the ability to access personal sensitive data and the ability to potentially inject malware or withhold vulnerability updates - that we felt rose to the level of a real national security threat.

FADEL: As we're speaking, I mean, I'm thinking about TikTok. The U.S. government, over similar national security concerns, is trying to force its owner, ByteDance, to sell, so it's no longer owned by a company based in China, which, I should say, is raising all kinds of questions about First Amendment rights. Are there going to be more of these types of bans?

CANNON: We are certainly investigating other entities, and we are - as I've said, this is a newish authority for the U.S. government, so we are looking at other entities and trying to identify where there are real risks to national security and where we should use this authority. We've also recently issued an advance notice of proposed rulemaking with regard to connected vehicles, so we're looking at threats in that space. You know, we want to use this tool, which is a very, you know, broad-based tool, but we want to use it in ways that are narrowly tailored to real national security risks, which is why the investigation into Kaspersky took years and why we are, you know, sort of slowly addressing the risk of connected vehicles.

FADEL: Liz Cannon from the Department of Commerce, thank you for your time.

CANNON: Thank you. Bye-bye. Transcript provided by NPR, Copyright NPR.

NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.

Leila Fadel is a national correspondent for NPR based in Los Angeles, covering issues of culture, diversity, and race.