The Pentagon’s military intelligence arm flagged software produced by Moscow-based firm Kaspersky Lab as a potential threat in 2004, according to recent correspondence with Congress.

The House Science, Space and Technology Committee uncovered the detail in the course of its oversight investigation into potential risks to government information systems posed by Kaspersky, a multinational cybersecurity company that has come under scrutiny over fears that its software could be compromised by the Russian government.

ADVERTISEMENT

The Department of Homeland Security issued a government-wide ban on Kaspersky products in September over potential threats to national security.

However, the Defense Intelligence Agency (DIA) had flagged Kaspersky as a potential threat in 2004, according to a memo that Science, Space and Technology Committee Chairman Lamar Smith (R-Texas) sent to other committee members late last week.

The memo references an email from the Pentagon’s legislative affairs staff on Nov. 15 confirming that the DIA “began producing threat reporting referencing Kaspersky Lab as a threat actor as early as 2004.”

The correspondence also confirmed that the Pentagon issued a department-wide threat assessment on Kaspersky in 2012 as part of its efforts to manage risks to the supply chain.

The email came after the committee’s second hearing in a series focused on Kaspersky last Tuesday, which featured testimony from the Pentagon’s deputy chief information officer for cybersecurity.

That official, Essye Miller, told committee members last week that the Pentagon had stopped using Kaspersky a few years ago as a result of available intelligence information, though she could not pinpoint the exact year the decision was made.

Kaspersky has long fought allegations of ties to the Russian government, saying such claims are unfounded. The company produces anti-virus software and threat research, serving about 400 million users globally.

Recent reports have claimed that Russian spies exploited Kaspersky software in order to steal U.S. intelligence secrets.

In issuing the ban in September, Homeland Security cited “the risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems.”