The UK’s National Cyber Security Centre has warned against using Russian anti-virus software over concerns of UK data transferring to Russia.
In particular, the guidance affects Kaspersky Lab, a Russian-based anti-virus software firm, which has been caught up amongst concerns over Russian hacking in the US election.
Timeline for Crossing borders
- April 1, 2020
- January 23, 2020
- September 12, 2019
Ciaran Martin, the chief executive of the NCSC, wrote a letter to the permanent secretaries of UK government departments explaining the reasons for what is effectively a ban on Russian software.
Martin said that as anti-virus software detects malware in a network to get rid of it, it must be able to communicate with the vendor so it knows what it is looking for and what needs to be done.
We need to be vigilant to the risk that an [anti-virus] product under the control of a hostile actor could extract sensitive data from that network, or indeed cause damage to the network itself. This is why country of origin matters.
To that end, we advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based anti-virus company should not be chosen.
The NCSC also says it has begun working with Kaspersky Lab to develop a framework to prevent that transfer of UK data to the Russian state.
What’s going on at Kaspersky Lab?
Earlier this year, the US government banned government agencies from using any software products made by Kaspersky Lab. This followed a Bloomberg story which reported alleged links between the firm and the Russian government.
At the time, the Department of Homeland Security said:
The department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies.
The consumer electronics store, Best Buy, said it would no longer be selling Kaspersky Lab software.
As well, in the UK, Barclays Bank has removed the offer of free Kaspersky Lab software for people using its online banking services.
We’ve made the precautionary decision to no longer offer Kaspersky software to new users. However, there’s nothing to suggest that customers need to stop using Kaspersky.
In a statement issued to Verdict, Kaspersky Lab says it is disappointed Barclays as decided to discontinue the offering of its anti-virus software to customers.
The company added: “It’s very important to note that NCSC is not encouraging consumers or businesses against using Kaspersky Lab software.”
How can Kaspersky Lab move on from this?
Whilst the NCSC advised against government agencies using Russian anti-virus software, like Kaspersky Lab’s offering, it said:
We see no compelling case at present to extend that advice to the wider public sector, more general enterprises or individuals.
We really don’t want people doing things like ripping out Kaspersky software at large, as it makes little sense.
Earlier this year, the firm launched its Global Transparency Initiative. Amongst other things, the initiative aims to “engage the broader information security community and other stakeholders in validating and verifying the trustworthiness of its products.”
This demonstrates that Kaspersky Lab is trying to rectify its image. The initiative aims to move away from the negative associations from the Russian government.
The firm’s chairman and chief executive, Eugene Kaspersky, said:
We need to re-establish trust in relationships between companies, governments, and citizens. That’s why we’re launching this Global Transparency Initiative: we want to show how we’re completely open and transparent. We’ve nothing to hide.
However, Kaspersky’s attempts at openness will only go so far.
Until issues surrounding Russian hacking in the US presidential election and Brexit referendum are fully understood and resolved, it looks like suspicion will continue to affect the company.