Cyber centre warn government departments against using Russian antivirus tools
The UK's National Cyber Security Centre (NCSC) has issued fresh warnings to all government departments against using Russian-based antivirus software, as fears mount that they could pose a risk to national security.
Official NCSC advice, updated over the weekend, claims that software such as Kaspersky Lab's antivirus suite could be exploited by the Russian government, at a time when the company is being investigated in the US.
Although the company denies any wrongdoing or any ties with Moscow, and planned to open up its source code for independent review of its source code, the US has since moved to ban the software from all government departments.
Until now, the UK government has been quiet about its use of Russian-based products, however, in a letter addressed to department secretaries last Friday, NCSC CEO Ciaran Martin said that Russian products "should not be chosen".
"The NCSC advises that Russia is a highly capable cyber threat actor which uses cyber as a tool of statecraft," he wrote. "This includes espionage, disruption and influence operations. Russia has the intent to target UK central government and the UK's critical national infrastructure."
The advice, which also provides guidance for best security practices with cloud services, suggests that the government is willing to work alongside the likes of Kaspersky rather than seek an outright ban.
"We are in discussions with Kaspersky Lab, by far the largest Russian player in the UK, about whether we can develop a framework that we and others can independently verify, which would give the government assurance about the security of their involvement in the wider UK market," the letter added.
It added that the initial guidance was only aimed at central government departments, and it doesn't recommend any action in by public bodies outside of Westminster, nor does it suggest companies or the public stop using Kaspersky products.
However, as a result of the updated guidelines, Barclays has stopped offering the option of free Kaspersky software to its new customers as a "precautionary decision", and has advised those who have yet to install the suite to look for an alternative provider.
"Even though this new guidance isn't directed at members of the public, we have taken the decision to withdraw the offer," said a Barclays spokesperson, speaking to the BBC.
Simon Edwards, European cyber security architect at Trend Micro, said that any vulnerability in antivirus products is likely to be targeted at government, rather than the public.
"Reading into the research carried out by the US, it would seem that the vulnerability posed by Kaspersky was one that could only be used by the most sophisticated of attackers (i.e. state-sponsored)," said Edwards, speaking to IT Pro. "Therefore, if the organisation feels that they could be targeted by such a threat actor (i.e. government agencies), then there is a potential risk that should be addressed."
Let me stress: there is *no* ban for KL products in the UK. We are in touch with @NCSC regarding our Transparency Initiative and I am sure we will find the way to work together
— Eugene Kaspersky (@e_kaspersky) December 2, 2017
The NCSC's new stance comes a week after the newly formed Intelligence and Security Committee announced it was considering launching an investigation into Russian meddling against the UK.
Many MPs, including Labour's Mary Creagh, have suggested that Russia was behind a series of fake social media accounts created to try and influence the Brexit referendum result by spreading fake news.
We've asked Kaspersky Lab for comment. CEO Eugene Kaspersky said in a tweet: "Let me stress: there is *no* ban for KL products in the UK. We are in touch with @NCSC regarding our Transparency Initiative and I am sure we will find the way to work together."
This initiative involves opening three "Transparency Centres" in Asia, Europe and the US by 2020.