About 15 per cent of United States federal agencies have reported some trace of Moscow-based Kaspersky Lab software on their systems, a Department of Homeland Security (DHS) official told Congress.
Jeanette Manfra, assistant secretary for cyber security at DHS, told a U.S. House of Representatives panel that 94 per cent of agencies had responded to a directive ordering them to survey their networks to identify any use of Kaspersky Lab products and to remove them.
But Manfra said DHS did "not currently have conclusive evidence" that any networks had been breached due to their use of Kaspersky Lab software.
The administration of President Donald Trump ordered civilian US agencies in September to remove Kaspersky Lab from their networks, amid worries the anti-virus firm was vulnerable to Kremlin influence and that using its anti-virus software could jeopardise national security.
The decision represented a sharp response to what US intelligence agencies have described as a national security threat posed by Russia in cyberspace, following an election year marred by allegations that Moscow weaponised the internet in an attempt to influence its outcome.
Kaspersky Lab has repeatedly denied the allegations, and Moscow has denied that it sought to interfere in the 2016 presidential election.
The September DHS order required civilian agencies to identify any use of Kaspersky Lab products within 30 days and to discontinue their use within 90 days.
Ninety-six of 102 federal agencies have reported to DHS on whether they have found Kaspersky Lab software on their networks, Manfra told the oversight subcommittee of the House Science, Space and Technology Committee.
DHS is working with the remaining six "very small" agencies to assess their networks, Manfra said. She did not name the agencies that detected Kaspersky Lab products or those that were still auditing their systems but said the government was generally complying with the directive to remove the software.
Some lawmakers expressed agitation at why the US government, having had suspicions about Kaspersky Lab for years, did not move more quickly to purge its software from their networks.
Manfra said she became personally aware of concerns about the firm in 2014, and that while DHS promptly took steps to remove software, other agencies may have lagged in part because they did not have access to classified information.
The company's products generally appeared to land on US government networks through larger technology purchases that included Kaspersky Lab products as pre-bundled software, making it more difficult to track, according to Manfra and other officials who were testifying on Tuesday.
Kaspersky Lab has said previously that its footprint in the US federal government market was minimal.
To address suspicions, Kaspersky Lab said last month it would submit the source code of its software and future updates for inspection by independent parties.
Manfra said such a step, while welcomed, would "not be sufficient" to address concerns the US government has about Kaspersky Lab.
(Editing by Bernadette Baum)