President Donald Trump on Tuesday signed into law the National Defense Authorization Act for Fiscal Year 2018 (H.R.2810), which contains a section prohibiting federal use of products and services from Russia-based cybersecurity firm Kaspersky Lab.
According to the law, the ban takes effect on Oct. 1, 2018. Additionally, within 180 days of the passing of the act, the Secretary of Defense must present a report to relevant Congressional committees detailing the findings from a review of procedures for removing Kaspersky products from federal government networks.
Last September, the Department of Homeland Security also issued a binding order forbidding the use of Kaspersky Lab security software. The order gave federal agencies three months to inventory and remove the software.
“Considering the grave risk that Kaspersky Lab poses to our national security, it’s necessary that the current directive to remove Kaspersky Lab software from government computers be broadened and reinforced by statute,” said U.S. Senator Jeanne Shaheen (D-N.H.), who earlier this year introduced the amendment that bans Kaspersky into H.R.2810. “The case against Kaspersky is well-documented and deeply concerning. This law is long overdue, and I appreciate the urgency of my bipartisan colleagues on the Senate Armed Services Committee to remove this threat from government systems. Going forward, I will continue to push for additional measures that strengthen our nation’s cybersecurity and protect our democracy from harmful foreign interference,” Shaheen continued in a press release.
The National Defense Authorization Act also covers a variety of additional cyber matters, such as the development of a Strategic Cybersecurity Program and the execution of a comprehensive U.S. cyber posture review.