Security

UK government bans all Russian anti-virus software from Secret-rated systems

Starts talks with Kaspersky to 'prevent the transfer of UK data to the Russian state'

By Simon Sharwood

98 SHARE

The United Kingdom's National Cyber Security Centre has effectively banned the use of Russian anti-virus products from government departments and revealed it is trying to “prevent the transfer of UK data to the Russian state” from Kaspersky Labs software.

A guidance note published last Friday and distributed to permanent secretaries of government departments, addressed “The issue of supply chain risk in cloud-based products, including anti-virus (AV) software” and explained “how departments should approach the issue of foreign ownership of AV suppliers.”

The advice is simple:

“… where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen. In practical terms, this means that for systems processing information classified SECRET and above, a Russia-based provider should never be used.”

The guidance stated that its decision “will also apply to some Official tier systems as well, for a small number of departments which deal extensively with national security and related matters of foreign policy, international negotiations, defence and other sensitive information.”

The letter added that the National Cyber Security Centre is “in discussions with Kaspersky Lab … about whether we can develop a framework that we and others can independently verify, which would give the Government assurance about the security of their involvement in the wider UK market.”

“In particular we are seeking verifiable measures to prevent the transfer of UK data to the Russian state.”

The guidance continued: “We will be transparent about the outcome of those discussions with Kaspersky Lab and we will adjust our guidance if necessary in the light of any conclusions.”

The guidance quickly caused other problems for Kaspersky's UK outfit, as British banking giant Barclays has written to customers to advise it's discontinuing an offer of free Kaspersky software for users of its online banking services.

The letter, shared with The Register by a reader explains the decision as follows:

The UK Government has been advised by the National Cyber Security Centre to remove any Russian products from all highly sensitive systems classified as secret or above.

We've made the precautionary decision to no longer offer Kaspersky software to new users, however there's nothing to suggest customers need to stop using Kaspersky.

The letter said customers need take no action and should ensure they run AV software.

Kaspersky Lab said, in a statement sent to The Register, that it "appreciates the collaborative, risk management-based approach taken by the NCSC with regards to identifying and mitigating any potential information security risks involved in the sourcing of IT products."

"Kaspersky Lab fully agrees that supply chain risk management is critical to information security, and therefore, we look forward to continuing our dialogue with the NCSC to develop a framework that can independently verify and provide assurance of the integrity of Kaspersky Lab’s products and services."

We have also sought comment regarding Barclays' actions and will update this story if further information becomes available. ®

Sign up to our NewsletterGet IT in your inbox daily

98 Comments

More from The Register

NSA dev in the clink for 5.5 years after letting Kaspersky, allegedly Russia slurp US exploits

Bloke sent down after spilling Uncle Sam's cyber-weapons

Remember those stolen 'NSA exploits' leaked online by the Shadow Brokers? The Chinese had them a year before

Or so claims Symantec

We're Putin our foot down! DHS, FBI blame Russia for ongoing infrastructure hacks

Alert adds detail to 'Dragonfly' cyber-attack disclosed last year

Senator: US govt staff may be sending their smartphone web traffic 'wrapped in a bow' to Russia, China via VPNs

No policy to stop use of dodgy foreign network providers. You'd hope common sense would prevail, but...

Protip: No, the CIA will not call off a pedophilia probe into your life in exchange for Bitcoin

Kaspersky warns of fake 'dirty agent' scam circulating

CIA notices Big Red sh!tstorm around Pentagon's JEDI: Um, can we have multiple cloud vendors, please?

US spy agency plans to award multibillion-dollar deal in 2021

Client-attorney privilege? Not when you're accused of leaking Vault 7 CIA code

Lawyer for Joshua Schulte unhappy about agency review

NSA boss: Trump won't pull trigger for Russia election hack retaliation

And Uncle Sam's limp-cock response means Putin will keep on meddling with our affairs

Bank-account-raiding Goznym malware bust: Five suspects collared, five still on the run. $100m feared stolen

Most exciting Enid Blyton book yet – Five accused of international fraud?

No dice, comrade! Senate floats Russia-busting election law

Proposed bill would bring immediate sanctions for tampering with democracy