In July, the U.S. General Services Administration (GSA) removed Kaspersky Lab from its list of approved vendors for information technology products and services out of concerns that the Russian company might be used by the Russian government to exploit or attack American computer networks. In September, the U.S. Department of Homeland Security issued a directive, following an investigation into the matter, which called for all Executive Branch agencies to cease using Kaspersky Lab products and services; considering the fact that Russian law allows for Russian intelligence agencies to compel assistance from Russian companies to “intercept communications transiting Russian networks…” On Monday, the U.S. Senate voted to remove all Kaspersky Lab products from U.S. government systems within 90 days, as part of the “FY-18 National Defense Authorization Act (NDAA)”.

The North American Electric Reliability Corporation (NERC) is about to issue an official alert to all electric service providers about Kaspersky Lab products and services. Other regulatory entities for other industries managing critical infrastructure throughout the U.S. will soon follow. It is the official IAMU position that our members begin to develop plans to phase out all Kaspersky Lab products and replace them with American equivalents as soon as possible.

If you have any questions, please contact Russell Saffell, Director of Member Security and Critical Infrastructure Protection at rsaffell@iamu.org or by phone at (515) 289-1999. Thank you for your continued efforts to provide and protect municipal utility services in Iowa.