Russian Cybersecurity Business Kaspersky Added to US Telecoms Blacklist

The Federal Communications Commission (FCC), the US comms regulator, has added three new firms to its ‘covered list’ of companies considered to be a national security risk and hence prohibited from receiving public funds. They are:

  • Kaspersky, the Russian cybersecurity and anti-virus provider;
  • China Mobile’s US subsidiary; and
  • China Telecom’s US subsidiary.

Kaspersky is the first business to be added to the covered list which did not originate in China. A statement from Kaspersky complained the FCC’s decision was based on politics, not technology.

Kaspersky is disappointed with the decision by the Federal Communications Commission (FCC) to prohibit certain telecommunications-related federal subsidies from being used to purchase Kaspersky products and services. This decision is not based on any technical assessment of Kaspersky products – that the company continuously advocates for – but instead is being made on political grounds.

The Chinese embassy in the USA also protested the decision to add China Mobile and China Telecom to the covered list. They described it as an abuse of state power that is not justified by any evidence of wrongdoing by either company.

Adding the three companies to the covered list has little significance beyond the reputation damage caused by labelling them a risk to US security. The law as it currently stands only prohibits the firms on the covered list from receiving public funds that none of these companies would have expected to get anyway. Kaspersky products were removed from all US government agencies in 2017, whilst China Mobile and China Telecom have already been prevented from providing services in the USA and to US networks. However, it is likely that the US law will evolve in future so that US telcos will no longer be able to make any purchases from businesses on the covered list.

The invasion of Ukraine was not given as a reason to add Kaspersky to the covered list, though the timing suggests political symbolism was a factor in the decision, as Kaspersky are not doing anything different now than they were doing when the covered list was first established a year ago. In reality, this is just the shuffling of a minor piece during the global game of Cold War 2, the deterioration in relations between Western and Eastern powers that will greatly complicate the management of international networks. This confirms the US has no real strategy for winning the game they are playing.

Separate from the worsening of international relations, the FCC also has some ill-formulated plans to increase the amount of telecoms traffic that will be blocked in future, and to ban telcos that do not assist in blocking this traffic. But nobody is seriously suggesting that they want a future where people in China or Russia cannot make calls to US numbers or vice versa. The contradictions inherent to the FCC’s goals will eventually lead to absurdities, but not before they create pain for foreign intermediary carriers that will still need to respect the law in China, Russia, the USA and everywhere between.

The FCC notice about Kaspersky, China Mobile and China Telecom joining the covered list can be downloaded from here. The complete covered list is found here.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Chief Executive of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.