A majority of government employees think all foreign anti-virus software should be banned from government systems, following widespread concern about Kremlin ties to the Russian anti-virus firm Kaspersky Lab, a Government Business Council poll found.
The concern is far greater inside the Defense Department than among federal civilian or state and local government employees, according to GBC, the research arm of Government Executive Media Group, Nextgov’s parent organization.
About 65 percent of Defense Department respondents agreed or strongly agreed that “in light of recent breaches, government agencies should be barred from using the services of anti-virus software companies, which are headquartered outside the United States.”
Just 56 percent of federal civilian employees and 45 percent of state and local government employees agreed or strongly agreed with that statement.
Nearly 50 percent of Defense employees strongly agreed, compared with just 33 percent of federal civilian employees and 20 percent of state and local employees.
The Homeland Security Department ordered civilian agencies to begin removing Kaspersky from their networks in September following months of reports suggesting the Moscow-based anti-virus might be compromised by or highly vulnerable to Russian government hackers.
The Defense Department has said it is following the Homeland Security directive even though it is not officially bound by it. The department would not say whether it has found instances of Kaspersky running on Defense systems.
In many cases, Kaspersky was installed as an add-on for particular systems without the full authorization of agency IT staff, White House Cybersecurity Coordinator Rob Joyce said Thursday.
He described the amount of Kaspersky in government as “not heinous” but “more than we were comfortable with.”
The GBC findings were based on 1,028 responses to a series of flash polls.
GBC queried a subset of 163 of those respondents who said they were familiar with Kaspersky’s reputation about whether their agency had used Kaspersky software within the last year.
Among 25 Defense employees in that group, 3, (12 percent), said Kaspersky had protected computers at their agency in the past year.
By comparison, 17 out of 103, (17 percent) of federal civilians answered yes to that question and 9 out of 35 (26 percent) of state and local government employees answered yes.