14 DAY TRIAL // The United Kingdom’s cyber security agency has published a public letter to the country’s government departments to warn against using Russian security software that could be used for cyber espionage and targeted attacks aimed at local officials.
The UK National Cyber Security Centre revealed there are concerns that “Russia is acting against the UK’s national interest in cyberspace,” and Russian security software could facilitate espionage, disruption and influence operations.
“We advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen. In practical terms, this means that for systems processing information classified SECRET and above, a Russia-based provider should never be used,” NCSC CEO Ciaran Martin said in the public letter.
Working with Kaspersky on reviewing security software
As compared to the United States, who has already banned the use of Kaspersky software on government computers, the UK says it’s working with the Russian security vendor on a way to review their products and determine whether they’re safe for government use or not.
Unofficial reports from the US also indicated that the FBI briefed several large companies in the public and private sectors on the risks of using Kaspersky software and encouraging the adoption of alternative products from non-Russian-based companies.
“We are in discussions with Kaspersky Lab, by far the largest Russian player in the UK, about whether we can develop a framework that we and others can independently verify, which would give the Government assurance about the security of their involvement in the wider UK market,” the UK official said.
“In particular we are seeking verifiable measures to prevent the transfer of UK data to the Russian state. We will be transparent about the outcome of those discussions with Kaspersky Lab and we will adjust our guidance if necessary in the light of any conclusions.”
Some British companies have already abandoned Kaspersky products following the agency’s letter, including Barclays bank, who said antivirus from the Russian vendor would no longer be offered to customers.
“Even though this new guidance isn’t directed at members of the public, we have taken the decision to withdraw the offer of Kaspersky software from our customer website,” the bank was quoted as saying by Reuters.
Kaspersky says it’s willing to work with the British government on addressing all security concerns.