author photo
By Bruce Sussman
Thu | Jul 12, 2018 | 4:19 AM PDT

Russian cybercrimes are the theme of a letter written by the Congressional Committee on Science, Space, and Technology to the Comptroller General of the United States.

And Kaspersky Lab and its products are a huge part of it, according to the document, especially around doctors, dams, and oil rigs.

Yes, Kaspersky has been ordered removed from U.S. government servers and networks.

But there is more at stake and potentially at risk in the private sector.

"A recent review of some of Kaspersky's current clients also found that a Houston, Texas based oil company with 7,000 employees, 38 offshore platforms and over 77 mobile land rigs around the world... purchased 1,000 endpoint licenses and 40 virtual server licenses for Kaspersky Lab security software.

Another Illinois-based healthcare facility with more than 300 physicians and 2,400 employees purchased Kaspersky security licenses for 400 virtual desktops and 2,900 workstations.

If the U.S. intelligence community's concerns about the potential security threats are accurate, then the use of Kaspersky products on U.S. critical infrastructure by the private sector also poses a legitimate risk to the public.

However, the extent to which Kaspersky products are being used on facilities, dams, electric plants, water distribution systems, and healthcare networks, or the U.S. election infrastructure is unclear. The presence of Kaspersky products at these facilities could pose a threat to our critical infrastructure."

At the same time these questions were being asked, NextGov posted a last-minute appeal by Kaspersky, seeking to stop the government from causing Kaspersky additional "reputational harm." All government procurements are required to mention the ban on Kaspersky products beginning July 16, 2018.