Kaspersky Lab has been removed from the GSA Schedule, a move that could severely limit the security vendor's ability to sell to the federal government.
The removal, made official late Tuesday, takes Kaspersky off the approved list of technology vendors for government departments on the GSA's Schedule 67 and Schedule 70 contracts. While it won’t prevent the government from buying Kaspersky software entirely, purchases would have to be separate from the GSA contract process. That will likely vastly limit the company’s sales to the U.S. government.
The removal comes after months of pushback against the security vendor over alleged ties to the Russian government, ties the security vendor has vehemently denied. Kaspersky has global headquarters in Moscow and has North American headquarters in Woburn, Mass.
ABC reported Tuesday that the government was eyeing a removal of Kaspersky from the GSA Schedule. The Senate Armed Services Committee last month also passed a bill to prohibit the U.S. Defense Department from using the security vendor's software over concerns that it "might be vulnerable to Russian government influence." The bill still needs to make its way through Congress before it could be signed by President Donald Trump.
In an email to CRN, a Kaspersky spokesperson denied any connection with the Russian government. The spokesperson said Kaspersky has offered significant evidence to the U.S. government to prove that it is not involved in any inappropriate relationships with Russian intelligence.
“Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts. The company has a 20-year history in the IT security industry of always abiding by the highest ethical business practices and trustworthy development of technologies, and Kaspersky Lab believes it is completely unacceptable that the company is being unjustly accused without any hard evidence to back up these false allegations. Kaspersky Lab, a private company, seems to be caught in the middle of a geopolitical fight where each side is attempting to use the company as a pawn in their political game. Eugene Kaspersky, CEO and founder of Kaspersky Lab, has repeatedly offered to meet with government officials, testify before the U.S. Congress and provide the company’s source code for an official audit to help address any questions the U.S. government has about the company. Kaspersky Lab continues to be available to assist all concerned government organizations with any investigations, and the company ardently believes a deeper examination of Kaspersky Lab will confirm that these allegations are unfounded,” the spokesperson said.
The federal government represents a significant portion of the IT cybersecurity market. According to Market Research Media, the U.S. federal cybersecurity market is expected to reach $22 billion by 2022, growing at a compound annual growth rate of 12 percent. Kaspersky said it generated $619 million in global revenue in 2015, but it is not clear how much of that comes from the federal market. Kaspersky is a private company and does not have to disclose its financials.
A second report, in Bloomberg, also alleged that Kaspersky had been working with the Russian intelligence agency FSB, citing internal emails it had obtained. Kaspersky published a lengthy blog post slamming the report. Kaspersky said it "regularly" works with governments and law enforcement agencies around the world, but does "not have inappropriate ties with any government."
Some partners CRN spoke with said they have already felt the impact of allegations of Russian ties to Kaspersky. Jon Allen, owner of South Ogden, Utah-based Proponent IT, said he has had multiple customers express concern over the vendor's Russian roots, including one customer who did some contracting with the Department of Defense.
"I've always been a big fan of their software and the way it runs and performs, but I've kind of taken into consideration what my customers feel and if they're not comfortable with the product I've got to give them lots of options," Allen said in a recent interview with CRN. He said he has generally stopped recommending Kaspersky to home users for this reason.
Other partners called the allegations of Russian involvement a political play by the government, with Kaspersky caught in the middle.
"It appears to be mostly political jockeying and pressure between the U.S. and Russia," Michael Knight, president and CTO of Greenville, S.C.-based Encore Technology Group, said in an email. "It would be foolish to think that Kaspersky hasn’t worked with the Russian Federal Police, but there is a major difference between working with them to solve state crimes versus cyberespionage."