The Federal Communications Commission (FCC) has expanded the list of untrusted vendors that it bars from receiving public funds
The Secure and Trusted Networks Act was first written into law in 2019, established as a mechanism through which equipment or services that posed a threat to US national security could be excluded from the nation’s networks. More specifically, the bill prohibits the use of federal funds to purchase equipment from companies added to a list of companies deemed a security risk by the FCC.
This list was first compiled in March 2021 and contained five Chinese firms: Huawei Technologies, ZTE Corporation, Hytera, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company.
Now, the FCC has announced its latest additions to the untrusted vendors list, including, for the first time, a non-Chinese company: Kaspersky.
Two additional Chinese firms – major operators China Telecom (Americas) and China Mobile International USA – were also added to the list. These companies had already been barred from the US market by the FCC due to previous security concerns.
“Last year, for the first time, the FCC published a list of communications equipment and services that pose an unacceptable risk to national security, and we have been working closely with our national security partners to review and update this list,” said Chairwoman Jessica Rosenworcel. “Today’s action is the latest in the FCC’s ongoing efforts, as part of the greater whole-of-government approach, to strengthen America’s communications networks against national security threats, including examining the foreign ownership of telecommunications companies providing service in the United States and revoking the authorization to operate where necessary. Our work in this area continues.”
The addition of Russian cybersecurity software company Kaspersky to the list should not come as too much of a surprise. With Russia’s invasion of Ukraine, Russia is facing enormous sanctions on a global scale, but the US’s distrust of Kaspersky technology actually dates back much further.
In 2017, the US General Services Administration announced that Kaspersky was being removed from its listed of trusted government suppliers, meaning it would no longer be used for government systems, citing security concerns. At the heart of this issue was that Kaspersky is required by law to cooperate with the Russian intelligence agencies if directed to do so by the state.
Kaspersky, naturally, has argued that it is a privately-managed company with no ties to the Russian government. The company called their addition to the security list as “disappointing”, saying the decision was driven by geopolitics rather than evidence.
The US is not the only country that has been growing increasingly wary of Kaspersky. Two weeks ago, Germany issued a warning to users of Kaspersky products, saying that the technology could provide a gateway for cyberattacks and advising them to uninstall the software.