The United Kingdom’s National Cyber Security Centre has effectively banned the use of Russian anti-virus products from government departments and revealed it is trying to “prevent the transfer of UK data to the Russian state” from Kaspersky Labs software.
A guidance note published last Friday and distributed to permanent secretaries of government departments, addressed “The issue of supply chain risk in cloud-based products, including anti-virus (AV) software” and explained “how departments should approach the issue of foreign ownership of AV suppliers.”
The advice is simple:
“… where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen. In practical terms, this means that for systems processing information classified SECRET and above, a Russia-based provider should never be used.”
The guidance stated that its decision “will also apply to some Official tier systems as well, for a small number of departments which deal extensively with national security and related matters of foreign policy, international negotiations, defence and other sensitive information.”
The letter added that the National Cyber Security Centre is “in discussions with Kaspersky Lab … about whether we can develop a framework that we and others can independently verify, which would give the Government assurance about the security of their involvement in the wider UK market.”
“In particular we are seeking verifiable measures to prevent the transfer of UK data to the Russian state.”
The guidance continued: “We will be transparent about the outcome of those discussions with Kaspersky Lab and we will adjust our guidance if necessary in the light of any conclusions.”
The guidance quickly caused other problems for Kaspersky’s UK outfit, as British banking giant Barclays has written to customers to advise it’s discontinuing an offer of free Kaspersky software for users of its online banking services.
The letter, shared with The Register by a reader explains the decision as follows:
一分钟的信息安全意识动画片,轻松演绎企业信息安全基础知识。
The UK Government has been advised by the National Cyber Security Centre to remove any Russian products from all highly sensitive systems classified as secret or above.
We’ve made the precautionary decision to no longer offer Kaspersky software to new users, however there’s nothing to suggest customers need to stop using Kaspersky.
The letter said customers need take no action and should ensure they run AV software.
Kaspersky Lab said, in a statement sent to The Register, that it “appreciates the collaborative, risk management-based approach taken by the NCSC with regards to identifying and mitigating any potential information security risks involved in the sourcing of IT products.”
“Kaspersky Lab fully agrees that supply chain risk management is critical to information security, and therefore, we look forward to continuing our dialogue with the NCSC to develop a framework that can independently verify and provide assurance of the integrity of Kaspersky Lab’s products and services.”
We have also sought comment regarding Barclays’ actions and will update this story if further information becomes available. ®
大批组织尝试使用“网络安全挑战赛”来吸引和刺激员工对信息安全的关注。
多家安全厂商受到攻击,黑客通过数据库注入获得员工、合作伙伴和销售人员的邮件地址,这些日子网络安全厂商被黑的事故真多,这真令人担心,安全公司连自己都保护不了,如何保护客户啊。

猜您喜欢

中国顶级黑客关注安全意识培训
信息安全意识培训游戏之安全防御战
网络安全法宣传推广视频 https://v.qq.com/x/page/p050493s0f5.html
司机未经过违章点却被记两次 看到真相大吃一惊
MIXPO COMBLOCK
商业银行信息科技风险中的人员安全问题研究