UC orders moratorium on new purchases or uses of Kaspersky Lab products

The University of California has ordered all UC campuses and locations not to buy or deploy Kaspersky Lab products, including technology that uses embedded Kaspersky code.

Kaspersky’s main product is antivirus software. Based on procurement records and data from managed computer systems, only a handful of locations at UC Davis use Kaspersky products, so the impact here is minor.

Locations already using Kaspersky products have six months to “stop using Kaspersky-branded technologies,” and 18 months to “remove technologies with Kaspersky-embedded code from their environments,” according to a memo from Tom Andriola, vice president and chief information officer for the University of California. The UC Davis Information Security Office (ISO) is putting together a plan for this campus, working with the people known to use the software.

“Kaspersky Lab has been linked to the Russian government and cyber espionage, and use of its software has been identified as a potential threat,” Andriola’s memo says.

The moratorium was ordered by UC President Janet Napolitano. Last summer the U.S. General Services Administration removed Kaspersky Lab from two lists of approved vendors used by government agencies to buy technology equipment. California’s government then required all California state departments to immediately stop using Kaspersky’s cybersecurity and IT products.

The University of California evaluated its options in view of those developments, and its review culminated in the moratorium.

Please send any questions or comments about the Kaspersky moratorium to the UC Davis ISO at cybersecurity@ucdavis.edu. If you have questions about possible use of Kaspersky products in your work area, please contact your department’s tech support personnel or the IT Express Service Desk.