On June 21, 2024, the US Commerce Department banned the sale and update of products in the United States from Kaspersky Labs, a Russian cybersecurity and software vendor mostly known for its antivirus products.
The US Department of Homeland Security had banned use of Kaspersky Labs products in government systems in 2017. The US Department of the Treasury’s Office of Foreign Assets Control has also issued sanctions against 12 of Kaspersky’s executives, though not against CEO and founder Eugene Kaspersky.
The US regards Kaspersky Labs as a threat because the company is subject to Russian laws and must comply with requests for information by the Russian government. Further, there is worry that Kaspersky Labs software could be used to implant malware on US computers to transfer data to Russia, which makes it a national security concern. Kaspersky Labs for its part denies the allegations that it has close ties to the Russian government and that it provides information to the Russian government, or any other government.
The geopolitical unrest happening around the world is leading to more government bans on both imports and exports of technology. The US has banned the sale of many CPUs and GPUs to China, while forbidding one of China’s largest enterprise technology companies, Huawei, to sell its products in the US. There are plenty more examples of these actions from major powers across the world.
Software country of origin
For enterprise IT leadership and professionals, it has become important to document where all the corporate IT equipment, services, and software come from. Every sign today points to more geopolitical unrest and more bans on technology and/or products. A complete inventory that includes country of origin is the only way that an enterprise can make a fair and accurate assessment of its exposure to software and hardware that has the potential to be impacted by government actions.
This means including software components such as drivers, smaller libraries and small services. This must be done for both vendor-provided software and software developed in-house.
Hardware under scrutiny
Hardware must receive similar scrutiny, although going to the component level below CPUs, GPUs, and memory is unnecessary. The other area that will need attention is the operational technology (OT) parts of the business, all the software and hardware that run field and manufacturing systems.
High-risk critical software and hardware should be added to the budget for replacement sooner rather than later. Enterprises should use that inventory to create contingency plans for any less critical items that may become subject to bans, to ensure that a smooth pivot can be executed.
While this exercise is time-consuming and may seem frivolous to some, it’s the only way for an enterprise to avoid being blindsided, understand its own exposure, and mitigate the risk through active replacement and planning.