The National Cyber Security Centre in the United Kingdom issued a warning to government departments this week on the risks of using Russian security software or antivirus because of the potential of them being used to conduct espionage by the Kremlin.
The warning comes as Kaspersky Lab, a Russian cybersecurity firm was accused by the United States that their software helped steal NSA hacking tools for the Russian government.
The lab has denied any wrongdoing and Eugene Kaspersky, the CEO of the firm, said he would remove his company from Moscow if the Kremlin asked him to spy on other countries.
According to the National Cyber Security Centre, Russian cyberattacks are a serious threat to the United Kingdom and the Russian government has the ability to compromise software used in other organizations for their own agenda.
Cieran Martin, the CEO of the National Cyber Security Centre, wrote a letter to senior civil servants in which he stated that Russia is a very capable cyber threat actor that uses the internet to promote espionage.
Martin advised that since the Russia Government can use cyber security software for their own ends, a Russian based cyber security firm or antivirus software shouldn’t be used.
Martin specifically added that any information classified as “secret” and above, should not be protected by a Russian based provider.
In Martin’s letter, he said Kaspersky Lab is the largest Russian cybersecurity firm operating in the United Kingdom and the NCSC is looking into whether they can develop an independent framework that can be used to provide assurances to the government about the security of Kaspersky Lab software in order to prevent transfer of important UK data to the Russian state.
In response to Martin’s letter, Kaspersky tweeted a response saying there was no ban of his company’s software in the United Kingdom, while adding that his company was in touch with the NCSC regarding their transparency initiative, and he is confident both companies will find a way to continue working together.
Ian Levy, the NCSC’s technical director, said in a recent blog post that many government departments already know how to handle security risks, and there is almost no installation of Kaspersky Labs antivirus in central UK government.
Levy added that despite warning about using Kaspersky Lab antivirus software, there is no evidence to suggest telling the general public not to use the software because it makes little sense to have people ripping out the software.
However, Barclays Bank has taken precaution and have stopped providing free Kaspersky Lab antivirus to their customers based on the NSCS’s advice.