Subscribe

Ukraine Crisis Resource Center

Biden Administration Considers Imposing Sanctions on Kaspersky Labs

April 6, 2022

As the U.S. government continues to ratchet up sanctions in response to the Russian invasion of Ukraine, public reporting suggests there may be a new target in the sites of U.S. sanctions authorities: Kaspersky Labs (Kaspersky), the popular Russian cybersecurity and antivirus company.  Any sanctions imposed by the Department of Treasury’s Office of Foreign Assets Control (OFAC) would come on the heels of other recent government action against Kaspersky.  On March 25, 2022, the Federal Communications Commission (FCC) added Kaspersky to its list of communications equipment and services that are deemed to pose an unacceptable risk to the national security of the United States, as well as the safety and security of the American people.  Kaspersky, which is headquartered in Moscow, is the first non-Chinese company added to the list that includes Shenzhen-based Huawei Technologies Company and ZTE Corporation, among others.  Kaspersky has publicly disagreed with the decision

Last week, several news outlets reported that the U.S. government has been privately warning some critical infrastructure companies that Russia could manipulate software designed by Kaspersky to gain remote access to customer information systems.  Similarly the United Kingdom’s National Cyber Security Centre (NCSC) has pointed out that the risk calculus has “materially changed,” and the NCSC further notes that “Russian law already contains legal obligations on companies to assist the Russian Federal Security Service (FSB), and the pressure to do so may increase in a time of war.”  Because many of Kaspersky’s most popular products relate to antivirus, endpoint protection, and cloud security, the chief concern is that such software may have privileged access to sensitive data or locations that could be exploited for Russia’s strategic advantage. 

These actions, and the looming possibility of sanctions, are the latest in a multi-year campaign by the federal government to reduce the risks it has identified as associated with Kaspersky’s products and services.  On September 13, 2017, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive 17-01, Removal of Kaspersky-Branded Products, requiring federal agencies to remove and discontinue use of all Kaspersky antivirus software because of the inherent vulnerability that Russian government threat actors could potentially exploit the software’s system access.  The following year, the National Defense Authorization Act for Fiscal Year 2018 prohibited the federal government from using hardware, software, or services developed, in whole or in part, by Kaspersky.  A corresponding addition to the Federal Acquisition Regulation (FAR)—FAR 52.204-23—prohibited government contractors from providing or using such hardware, software, and services in performance of a federal contract or subcontract.   In conjunction with these actions, several U.S. government officials warned of the risks to the private sector.

While the U.S. government considers sanctions against Kaspersky, there are several actions companies can undertake now to mitigate potential business disruptions and further secure their information and information systems:

  • Identify Kaspersky Products and Services – Companies should first consider whether they use any of Kaspersky’s cybersecurity offerings, from antivirus and endpoint protection offerings; to cloud security; to professional services such as Kaspersky’s security awareness training, security architecture design, or vulnerability and patch management programs.  Because Kaspersky’s software is often packaged with or renamed by other computer security products and services, this could require additional time and resources.  
  • Assess Supply Chain Implications Companies may also wish to examine whether their vendors and suppliers use Kaspersky’s products, as sanctions can and often do come with unanticipated supply chain issues.
  • Source or Develop Alternative Solutions – Companies that currently utilize Kaspersky should consider developing contingency plans to mitigate potential business disruptions.  If alternatives are not already in place, now is the time to line up backup products, especially for antivirus and endpoint protection.  Installing new antivirus and endpoint protection across an organization’s estate can be time-consuming, fraught with configuration difficulties, and (in nearly all cases) first requires the removal of any previous antivirus or endpoint protection systems for the new solution to operate effectively.

For more information, please contact the professional(s) listed below, or your regular Crowell & Moring contact.

Caroline E. Brown
Partner – Washington, D.C.
Phone: +1.202.624.2509
Email: cbrown@crowell.com
Robert Holleyman
Partner and C&M International President & CEO – Washington, D.C.
Phone: +1.202.624.2505
Email: rholleyman@crowell.com
Jeffrey L. Snyder
Partner – Washington, D.C.
Phone: +1.202.624.2790
Email: jsnyder@crowell.com
Evan D. Wolff
Partner – Washington, D.C.
Phone: +1.202.624.2615
Email: ewolff@crowell.com
Alexander Urbelis
Senior Counsel – New York
Phone: +1.212.895.4254
Email: aurbelis@crowell.com
Paul C. Mathis
Associate – Washington, D.C.
Phone: +1.202.688.3432
Email: pmathis@crowell.com

Ukraine Crisis Contacts

Antitrust

Shawn R. Johnson
Partner – Washington, D.C.
Phone: +1.202.624.2624
Email: srjohnson@crowell.com

Learn more about our Antitrust & Competition practice.

Aviation

Eileen M. Gleimer
Partner – Washington, D.C.
Phone: +1.202.624.2840
Email: egleimer@crowell.com

Learn more about our Aviation practice.

Corporate

Bryan Brewer
Partner – Washington, D.C.
Phone: +1.202.624.2605
Email: bbrewer@crowell.com
Jennifer K. Grady
Partner – New York
Phone: +1.212.530.1893
Email: jgrady@crowell.com
Frederick (Rick) Hyman
Partner – New York
Phone: +1.212.803.4028
Email: fhyman@crowell.com
Richard J. Lee
Partner – New York
Phone: +1.212.530.1937
Email: rlee@crowell.com
Scott Lessne
Senior Counsel – Washington, D.C.
Phone: +1.202.624.2597
Email: slessne@crowell.com
Timothy E. Lin
Partner – New York
Phone: +1.212.530.1921
Email: tlin@crowell.com
Kevin Rubinstein
Partner – New York
Phone: +1.212.530.1818
Email: krubinstein@crowell.com
Cathryn Williams
Partner – London
Phone: +44.20.7413.1345, +44.07775.900050
Email: cewilliams@crowell.com

Learn more about our Corporate & Transactional practice.

Cybersecurity

Evan D. Wolff
Partner – Washington, D.C.
Phone: +1.202.624.2615
Email: ewolff@crowell.com
Alexander Urbelis
Senior Counsel – New York
Phone: +1.212.895.4254
Email: aurbelis@crowell.com

Learn more about our Privacy & Cybersecurity practice.

Financial Services

Carlton Greene
Partner – Washington, D.C.
Phone: +1.202.624.2818
Email: cgreene@crowell.com
Andrew J. Knight
Partner – London
Phone: +44.20.7413.1366
Email: aknight@crowell.com
Richard J. Lee
Partner – New York
Phone: +1.212.530.1937
Email: rlee@crowell.com
Michael D. Mann
Partner – Washington, D.C.
Phone: +1.202.261.2990
Email: mmann@crowell.com
Andrew M. Martin
Partner – London
Phone: +44.20.7382.4890
Email: amartin@crowell.com
William Q. Orbe
Partner – New York
Phone: +1.212.530.1850
Email: worbe@crowell.com
Gregory Gennady Plotko
Partner – New York
Phone: +1.212.530.1924
Email: gplotko@crowell.com

Learn more about our Financial Services practice.

Government Affairs

James G. Flood
Partner – Washington, D.C.
Phone: +1.202.624.2716
Email: jflood@crowell.com
Kate Beale
Senior Policy Director – Washington, D.C.(CMI)
Phone: +1.202.508.8997
Email: KBeale@crowell.com

Learn more about our Government Affairs practice.

Government Contracts

Robert J. Sneckenberg
Partner – Washington, D.C.
Phone: +1.202.624.2874
Email: rsneckenberg@crowell.com
Peter Eyre
Partner – Washington, D.C.
Phone: +1.202.624.2807
Email: peyre@crowell.com
Laura J. Mitchell Baker
Counsel – Washington, D.C.
Phone: +1.202.624.2581
Email: lbaker@crowell.com
Christopher D. Garcia
Counsel – Washington, D.C.
Phone: +1.202.688.3450
Email: cgarcia@crowell.com
Rina M. Gashaw
Associate – Washington, D.C.
Phone: +1.202.624.2827
Email: rgashaw@crowell.com
Allison Skager
Associate – Los Angeles
Phone: +1.213.310.7957
Email: askager@crowell.com

Learn more about our Government Contracts practice.

Global Mobility

Nicole Janigian Simonian
Partner – Los Angeles, Shanghai
Phone: +1.213.310.7998
Email: nsimonian@crowell.com

Learn more about our Global Mobility practice.

Insurance

Laura Foggan
Partner – Washington, D.C.
Phone: +1.202.624.2774
Email: lfoggan@crowell.com

Learn more about our Insurance / Reinsurance practice.

International Trade/Sanctions/Export Control

John B. Brew
Partner – Washington, D.C.
Phone: +1.202.624.2720
Email: jbrew@crowell.com
Caroline E. Brown
Partner – Washington, D.C.
Phone: +1.202.624.2509
Email: cbrown@crowell.com
Carlton Greene
Partner – Washington, D.C.
Phone: +1.202.624.2818
Email: cgreene@crowell.com
Robert Holleyman
Partner and C&M International President & CEO – Washington, D.C.
Phone: +1.202.624.2505
Email: rholleyman@crowell.com
Michelle J. Linderman
Partner – London
Phone: +44.20.7413.1353
Email: mlinderman@crowell.com
Jeffrey L. Snyder
Partner – Washington, D.C.
Phone: +1.202.624.2790
Email: jsnyder@crowell.com
David (Dj) Wolff
Partner; Attorney at Law – Washington, D.C., London
Phone: +1.202.624.2548, +44.20.7413.1368
Email: djwolff@crowell.com
Robert Clifton Burns
Senior Counsel – Washington, D.C.
Phone: +1.202.688.3448
Email: cburns@crowell.com

Learn more about our International Trade practice.

International Dispute Resolution

Meagan T. Bachman
Partner – Washington, D.C.
Phone: +1.202.624.2722
Email: mbachman@crowell.com
Ian A. Laird
Partner – Washington, D.C.
Phone: +1.202.624.2879
Email: ilaird@crowell.com
John L. Murino
Partner – Washington, D.C.
Phone: +1.202.624.2663
Email: jmurino@crowell.com
Laurence Winston
Partner – London
Phone: +44.20.7413.1333
Email: lwinston@crowell.com

Learn more about our International Dispute Resolution practice.

Labor & Employment

Sadina Montani
Partner – Washington, D.C.
Phone: +1.202.508.8875
Email: smontani@crowell.com

Learn more about our Labor & Employment practice.

Technology & Brand Protection

Andrew J. Avsec
Partner – Chicago
Phone: +1.312.840.3260
Email: aavsec@crowell.com
Virginia Wolk Marino
Partner – Chicago
Phone: +1.312.840.3228
Email: vmarino@crowell.com

Learn more about our Technology & Brand Protection practice.

Tax

S. Starling Marshall
Partner – New York
Phone: +1.212.895.4263
Email: smarshall@crowell.com
Irina Pisareva
Partner – New York
Phone: +1.212.803.4067
Email: ipisareva@crowell.com

Learn more about our Tax practice.

Force Majeure

Bryan Brewer
Partner – Washington, D.C.
Phone: +1.202.624.2605
Email: bbrewer@crowell.com
Allyson McKinstry
Partner – New York
Phone: +1.212.803.4061
Email: amckinstry@crowell.com
Scott L. Winkelman
Partner – Washington, D.C.
Phone: +1.202.624.2972
Email: swinkelman@crowell.com
Laurence Winston
Partner – London
Phone: +44.20.7413.1333
Email: lwinston@crowell.com

White Collar

Michael K. Atkinson
Partner – Washington, D.C.
Phone: +1.202.624.2540
Email: matkinson@crowell.com
Michael J. Gunnison
Senior Counsel – Doha
Email: mgunnison@crowell.com

Learn more about our White Collar & Regulatory Enforcement practice.