Security warning: Don’t use Russian antivirus on secret government systems, says cyber agency

The NCSC has warned that using Russian software could put the UK government at risk from being hacked by foreign attackers.
Image: iStock
The UK’s cyber security agency has issued as warning to government departments on the potential risks of using Russian antivirus or security software because of fears the Kremlin could use it to conduct espionage.
The advice from the National Cyber Security Centre comes as Russian cyber security firm Kaspersky Lab is facing accusations that its software helped with the theft of NSA hacking tools on behalf of the Russian government.
Kaspersky Lab has denied any wrongdoing and CEO Eugene Kaspersky says he’d remove his company from Moscow if the Kremlin asked them to carry out spying.
网络安全法宣传推广视频 https://v.qq.com/x/page/p050493s0f5.html
The National Cyber Security Centre (NCSC) has warned that Russian cyber attacks are a threat to the UK and that the Russian government could potentially compromise Russian software deployed within an organisation for its own ends.
“The NCSC advises that Russia is a highly capable cyber threat actor which uses cyber as a tool of statecraft,” NCSC CEO Cieran Martin wrote in a letter to senior civil servants.
“To that end, we advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen,” he added.
He said in practical terms, this means that for systems processing information classified ‘secret’ and and above, a Russia-based provider “should never be used”, he said.
“This will also apply to some official tier systems as well, for a small number of departments which deal extensively with national security and related matters of foreign policy, international negotiations, defence and other sensitive information,” he said.
The letter mentions that Kaspersky Lab is the largest Russian cyber security firm in the UK and that the NCSC is examining whether it can develop an independent framework which can be used to provide the government assurance about the security of Kaspersky Lab products and “verifiable measures to prevent the transfer of UK data to the Russian state”.
See also: Defending against cyberwar: How the cybersecurity elite are working to prevent a digital apocalypse
Tweeting in response to the advice, Eugene Kaspersky said “Let me stress: there is no ban for KL products in the UK. We are in touch with NCSC regarding our Transparency Initiative and I am sure we will find the way to work together”
In a related blog post, Ian Levy, Technical Director at the NCSC said that many government departments already handle risks well and that there’s “almost no installed base of Kaspersky AV in central government”.
But despite warnings against the use of Russian software in government, Levy said there’s “no compelling case at present to extend that advice to wider public sector, more general enterprises, or individuals”.
He said “we really don’t want people doing things like ripping out Kaspersky software at large, as it makes little sense”
Meanwhile, Barclays Bank has taken the decision to stop providing free Kaspersky Lab antivirus products to new customers as a precaution following the NCSC advice.
“The UK Government has been advised by the National Cyber Security Centre to remove any Russian products from all highly sensitive systems classified as secret or above,” the bank said in an email to customers.
“We’ve made the precautionary decision to no longer offer Kaspersky software to new users, however there’s nothing to suggest customers need to stop using Kaspersky,” Barclays added.A Kaspersky Lab spokesperson told ZDNet that the company is “disappointed Barclays has decided to discontinue offering Kaspersky Lab anti-virus to new customers.””It’s very important to note that the NCSC is not encouraging consumers or businesses against using Kaspersky Lab software,” the added.
READ MORE ON CYBER SECURITY Kaspersky Lab denies any ties to Russian government [CNET]Israeli hackers caught Russian hackers exploiting Kaspersky, NYT reports Remote code execution flaws exposed in Kaspersky Server software What is Kaspersky’s role in NSA data theft? Here are three likely outcomes Windows 10: Microsoft faces Russian probe over claim it pushes Windows Defender on users [TechRepublic]
Related Topics:

我们保障信息安全的的外部驱动力主要源自对法律法规的遵从,以及满足客户和供应商对数据安全的要求,内部驱动力主要源自于保障业务持续性、商业机密和员工个人信息,我们相信,在未来驱动信息安全的力量也会越来越大。
Security TV
Data Management
严格政府信息技术服务外包安全管理,为政府机关提供服务的数据中心、云计算服务平台等要设在境内,禁止办公用计算机安装使用与工作无关的软件。

猜您喜欢

信息安全意识考试
保密意识第一弹:准确定密并正确标识国家秘密
网络安全法宣传推广视频 004《网络安全法》的突出亮点
视频-12月劳伦斯体育时刻提名 横渡大西洋为慈善募捐
BIMEONLINE SOUTHERN-SIERRA
APT攻击将更加普遍,您准备好应对之策了么