The Federal Communications Commission (FCC) yesterday added Russia’s AO Kaspersky Lab, China Telecom (Americas) Corp, and China Mobile International USA to its list of communications equipment and service providers deemed threats to US national security.
FCC Commissioner Brendan Carr said the new designations “will help secure our networks from threats posed by Chinese and Russian state-backed entities seeking to engage in espionage and otherwise harm America’s interests.”
U.S. officials have long said that running Kaspersky software could open American networks to malign activity from Moscow. They banned Kaspersky’s flagship antivirus product from federal networks in 2017. Moscow-based Kaspersky has consistently denied being a tool of the Russian government.
In naming Kaspersky, the FCC announcement did not cite Russia’s invasion of Ukraine or recent warnings by President Joe Biden of potential cyberattacks by Russia in response to U.S. sanctions and support of Ukraine.
Kaspersky said in a statement that it was disappointed in the FCC decision, arguing it was “made on political grounds”. The move was “unsubstantiated and is a response to the geopolitical climate rather than a comprehensive evaluation of the integrity of Kaspersky’s products and services,” the company said.
Kaspersky at the time denied “inappropriate ties with any government” and criticized the U.S. decision as “based on false allegations and inaccurate assumption. It includes claims about the impact of Russian regulations and policies.”
In October, the FCC revoked the U.S. authorization for China Telecom (Americas). They say it “is subject to exploitation, influence, and control by the Chinese government.”
The FCC cited its prior decisions to deny or revoke the Chinese telecom companies’ ability to operate in the United States in its decision to add them to the threat list.
The FCC also revoked the U.S. authorizations of China Unicom and Pacific Networks and its wholly-owned subsidiary ComNet.
In 2019, the FCC rejected China Mobile’s bid to provide U.S. telecommunications services, citing national security risks.
HackerOne tensions
The FCC announcement also comes as Kaspersky said publicly that its use of the HackerOne bug bounty platform had been “suspended indefinitely”. The San Francisco-based company’s software allows companies to collect information from white-hat hackers. They pay them freelance fees for the vulnerabilities they discover.
“The platform blocked Kaspersky’s access to the program and made Kaspersky’s bug bounty page at HackerOne unavailable to researchers,” Kaspersky said in a tweet. “HackerOne has frozen existing funds and discussions for already reported vulnerabilities.”
“Our conversations with Kaspersky are ongoing, and we will continue to work with their team to address their concerns,” the spokesperson said.
HackerOne had announced last week that because of U.S. sanctions related to the war in Ukraine. It was suspending relationships with companies from Russia and Belarus.
