The British government has issued a fresh warning about the security risks of using Russian anti-virus software. The National Cyber Security Centre is to write to all government departments warning against using the products for systems related to national security, BBC reported on Friday.
The UK cyber-security agency says the software could be exploited by the Russian government. Security firm Kaspersky Labs, accused in the US of being used by the Russian state for espionage, denied wrongdoing. Kaspersky Labs is widely used by consumers and businesses across the globe, as well as by some parts of the UK government. Around the world, 400 million people use Kaspersky products.
For it to work, anti-virus software like that sold by Kaspersky Labs requires extensive access to files on computers and networks to scan for malicious code. It also requires the ability to communicate back to the company in order to receive updates and share data on what it finds.
However, the concern is that this could be used by the Russian state for espionage. Officials say the National Cyber Security Centre’s (NSCS) decision is based on a risk-analysis rather than evidence that such espionage has already taken place. In the new government guidance, Ian Levy, NCSC’s technical director, said: “Given we assess the Russians do cyber-attacks against the UK for reasons of state, we believe some UK government and critical national systems are at increased risk.”
The NCSC is understood to have been in dialogue with Kaspersky Labs and says it will explore ways of mitigating the risks to see if a system can be developed to independently verify the security of its products. It comes amid heightened concern about Russian activity against the UK. Last month, Prime Minister Theresa May warned the Russian state was acting against the UK’s national interest in cyberspace.
Following her warning, Ciaran Martin, chief executive of the NCSC, said Russia had targeted British infrastructure, including power and telecoms. Officials stress they are not recommending members of the public or companies stop using Kaspersky software. “Beyond this relatively small number of systems we see no compelling case at present to extend that advice to the wider public sector, more general enterprises, or individuals,” Levy added.
“Whatever you do, don’t panic. For example, we really don’t want people doing things like ripping out Kaspersky software at large as it makes little sense.”