British cybersecurity experts have warned UK government officials about a possible cyber espionage attack conducted through the Russian anti-virus software Kaspersky. The United Kingdom’s National Cyber Security Centre published a special letter addressed to the government departments of the country. The letter reveals the experts’ concerns that Russian agents could try to disrupt UK’s national interests through targeted attacks aimed at government officials.
The cybersecurity agency recommends that no anti-malware company related to Russia, or based in Russia, should be chosen to protect government systems in the UK. Whenever there is any risk that the access of Russian state officials to processed data could compromise the British national security, a Russian cybersecurity provider should no be chosen. In particular, the warning concerns government systems which handle information classified “SECRET,” or above.
The US has also issued a warning against the use of Russian software at government agencies earlier this year, yet the UK approach seems different. In the US, there were also indications that the FBI briefed several large US private and public companies on the risks associated with Kaspersky, and other Russian based software products, encouraging these companies to choose other alternative software solutions instead. The UK officials, on the other hand, announced they would be working together with Kaspersky in an attempt to review the Russian company’s products and evaluate whether they are eligible for use by the government or not. The goal is to develop a framework of independently verifiable measures which would prevent the transfer of UK data to Russian state officials. The outcome of these discussions should be made public, the officials promised, stating also they are inclined to adjust their guidance if needed. Representatives of Kaspersky itself have expressed their willingness to cooperate in addressing these security concerns.
While the letter of the UK National Cyber Security Centre targets only state institutions, the suspicions of Russian cyber espionage through anti-virus software have echoed in the public sector as well. Several companies in the UK have already abandoned the use of Kaspersky products on their machines, including Barclays bank. The bank declared it would no longer offer the Russian vendor’s products through Barclay’s customer website.