About 15 per cent of US government agencies have detected some trace of Russian company Kaspersky Lab's software on their systems in a review prompted by concerns the antivirus firm is vulnerable to Kremlin influence, a security official told Congress on Tuesday.
Jeanette Manfra, assistant secretary for cyber security at the Department of Homeland Security (DHS), said that 94 per cent of agencies had responded to an order to survey their networks to identify any use of Kaspersky Lab products and to remove them.
Manfra told a US House of Representatives panel the DHS did “not currently have conclusive evidence” that any networks had been breached because of their use of Kaspersky software.
The administration of President Donald Trump ordered civilian US agencies in September to remove Kaspersky Lab from their networks. US officials are concerned that the company's anti-virus software could be used by Russian intelligence agencies to spy on the US government.
The decision represented a sharp response to what US intelligence agencies have described as a national security threat posed by Russia in cyberspace, following an election year marred by allegations that Moscow weaponized the internet in an attempt to influence its outcome.
Kaspersky Lab has repeatedly denied that it has ties to any government and said it would not help a government with cyber espionage. Moscow has denied that it sought to interfere in the 2016 US presidential election.
DHS is working with the remaining six “very small” agencies to assess their networks, Manfra said. She did not name the agencies that detected Kaspersky Lab products or those that were still auditing their systems. The government was generally complying with the directive to remove the software, Manfra said.
She told lawmakers it was possible the action against Kaspersky Lab could prompt litigation, but she did not elaborate. Asked if the company is considering suing the US government, a spokeswoman for Kaspersky Lab said in a statement that the company “continues to consider all possible options.”
Some lawmakers expressed agitation at why the US government, having had suspicions about Kaspersky Lab for years, did not move more quickly to purge its software from networks.
Manfra said she became personally aware of concerns about the firm in 2014, and that while DHS promptly took steps to remove software, other agencies may have lagged in part because they did not have access to classified information.