WASHINGTON (Reuters) – About 15 percent of U.S. federal agencies have reported some trace of Moscow-based Kaspersky Lab software on their systems, a Department of Homeland Security (DHS) official told Congress on Tuesday.
Jeanette Manfra, assistant secretary for cyber security at DHS, told a U.S. House of Representatives panel that 94 percent of agencies had responded to a directive ordering them to survey their networks to identify any use of Kaspersky Lab products.
The administration of President Donald Trump ordered civilian U.S. agencies in September to remove Kaspersky Lab from their networks, amid worries the antivirus firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardize national security.
The decision represented a sharp response to what U.S. intelligence agencies have described as a national security threat posed by Russia in cyberspace, following an election year marred by allegations that Moscow weaponized the internet in an attempt to influence its outcome.
Kaspersky Lab has repeatedly denied the allegations, and Moscow has denied that it sought to interfere in the 2016 presidential election.
The September DHS order required civilian agencies to identify any use of Kaspersky Lab products within 30 days and to discontinue their use within 90 days.
Ninety-six of 102 federal agencies have reported to DHS on whether they have found Kaspersky Lab software on their networks, Manfra told the oversight subcommittee of the House Science, Space and Technology Committee.
DHS is working with the remaining six “very small” agencies to assess their networks, Manfra said. She did not name the agencies that detected Kaspersky Lab software or those that were still auditing their systems.
Manfra said DHS did “not currently have conclusive evidence” that any networks had been breached due to their use of Kaspersky Lab software.
Kaspersky Lab provided a written response last Friday to the order banning their products, Manfra said, but officials were still reviewing it.
The company’s products generally appeared to make its way onto U.S. government systems through larger technology purchases that included Kaspersky Lab products as pre-bundled software, making it more difficult to track, according to Manfra and other officials who were testifying on Tuesday.
To address suspicions, Kaspersky Lab said last month it would submit the source code of its software and future updates for inspection by independent parties.
Manfra said that such a step, while welcomed, would “not be sufficient” to address concerns the U.S. government has about Kaspersky Lab.
Editing by Bernadette Baum