Another influential congressman has criticized the Department of Homeland Security for not being transparent enough about the government’s ongoing efforts to remove a Russian anti-virus product from federal systems.
Rep. Lamar Smith, chairman of the House Committee on Science, Space and Technology, is threatening to subpoena documents from DHS concerning a ban against Kaspersky Lab’s anti-virus software. The threat comes because the department failed to provide sufficient information requested by the committee, according to Smith.
Smith, R-Texas, is not the first lawmaker to call out DHS for a lack of cooperation. In a letter last month, Rep. Bennie Thompson, D-Miss., accused the department of sending “unclear messages” about its progress made on banning Kaspersky products.
The committee originally asked for a detailed update about the removal process from DHS on Dec. 5, 2017. After more than a month, DHS produced a limited set of documents, but the report only contained already public information. On Jan. 8, department staff told the committee that no further documents could be provided due to the prospect of pending litigation.
“Much of the information produced was both publicly available information and outside the scope of our request,” Brandon VerVelde, spokesperson for the committee, told CyberScoop. “The committee firmly believes that ongoing litigation is not a basis for the Department to not produce information requested by the committee.”
In September 2017, DHS ordered the removal of all Kaspersky software from federal computers due to national security concerns driven by the company’s alleged coziness with Russian intelligence services. In December, Congress codified the ban through the passage of the 2018 National Defense Authorization Act, which also contained language pushing Kaspersky products out of federal systems.
“The committee’s goal is to uncover all risks associated with Kaspersky’s presence on government systems,” VerVelde said. “There is a lot that can be learned in fully understanding how each agency implemented the order to remove Kaspersky software, including the tools they used to do so and any difficulties they encountered.”
U.S. government officials say Kaspersky Lab’s products were previously exploited by Russian intelligence agencies to collect classified U.S. documents from computers where their software had been installed. The company has repeatedly denied any wrongdoing.
Last month, Kaspersky Lab announced that it will be suing the DHS for banning its anti-virus software with no evidence of foul play. Since the injunction was filed in court, the Homeland Security Department has gone silent on the issue, referring all request for information to the Justice Department, which in turn has declined to comment.
Under the Federal Information Security Modernization Act of 2014, federal departments and agencies are required to report to the Science Committee regularly when there is a major cybersecurity breach. The committee has given DHS until Feb. 8 to provide the requested materials electronically. If DHS still refuses, the committee will be taking further action to obtain what it needs, Smith said.