Rob Joyce, President Donald Trump’s administration’s cybersecurity coordinator, warned the public against using software developed by Kaspersky Labs, an elite Russian cybersecurity firm.
“I don’t use Kaspersky Lab products,” Joyce told CBS News in an interview published Wednesday.
Joyce’s comments came one month after the Trump administration moved to prevent government agencies from using Kaspersky’s software.
The General Services Administration announced in July that it had removed Kaspersky from the list of approved vendors government agencies can use to obtain technology-related services.
“GSA’s priorities are to ensure the integrity and security of US government systems and networks and evaluate products and services available on our contracts using supply chain risk management processes,” a GSA spokesperson told Politico at the time.
When Joyce was asked on Wednesday whether he would recommend those close to him use Kaspersky’s products, Joyce said he would not.
“I worry that as a nation state Russia really hasn’t done the right things for this country and they have a lot of control and latitude over the information that goes to companies in Russia,” Joyce said. “So I worry about that.”
Kaspersky is currently under active FBI counterintelligence investigation, and the Senate Intelligence Committee is also probing the nature of its relationship to the Kremlin, calling it an “important national security issue.”
The FBI also interviewed at least a dozen employees of the firm in late June, visiting them at their homes on the East and West Coasts to gather facts about how Kaspersky works.
Kaspersky’s products are widely used across the US, and officials worry that Russian state actors could exploit Kaspersky’s software and gain access to sensitive user data as well as critical infrastructure.
Alex McGeorge, the head of threat intelligence at Immunity Inc., told Business Insider in an earlier interview that instead of imposing economic sanctions in response to cyber threats, the US should retaliate by targeting key players in Russia’s cyber industry. The Trump administration’s warnings against Kaspersky may do just that.
“The intelligence community has come out and said there’s internal evidence saying Kaspersky is not playing fair and can’t really be trusted,” McGeorge said. “It would send a good message and be a clear statement to Russia if the US government responded in kind and took aim exactly at the Russian cyber industry. That’s what a deterrent would look like.”
Michael Morell, the former deputy director of the CIA, reiterated the intelligence community’s belief of a link between Kaspersky and the Kremlin. “There is a connection between Kaspersky and Russian intelligence, and I’m absolutely certain that Russian intelligence would want to use that connection to their advantage,” Morell told CBS.
The company is registered with the FSB, Russia’s spy agency, but Kaspersky claims it has no connection to Russian intelligence.
“Kaspersky Lab doesn’t have inappropriate ties with any government,” the firm told Business Insider. The company said no credible evidence has established ties to ties between Kaspersky and the Kremlin, and that it’s merely “caught in the middle of a geopolitical fight” and being treated unfairly.
Russia has increasingly emerged as a central figure following a slew of high-profile cyberattacks over the past few years. In addition to interfering in the US election, Russia is also thought to be the culprit behind an elaborate effort to turn Ukraine into a cyber-weapon testing ground.
Officials also believe Russia may have been behind the “Petya” cyberattack that crippled countries and corporations across the globe.
Investigators have additionally linked Russia to attacks on at least a dozen US nuclear facilities. The hacks, though confined to the enterprise side of the nuclear plants, raised red flags as they could be a preliminary step toward an attack against the US power grid.