Intelligence agency GCHQ has advised the UK government to ensure no Russian cybersecurity vendors are protecting Whitehall networks critical to national security.
In an update issued on Friday, National Cyber Security Centre (NCSC) CEO, Ciaran Martin, argued — as Prime Minister Theresa May did recently — that “Russia is acting against the UK’s national interest in cyberspace”.
He added:
“We advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen. In practical terms, this means that for systems processing information classified SECRET and above, a Russia-based provider should never be used. This will also apply to some Official tier systems as well, for a small number of departments which deal extensively with national security and related matters of foreign policy, international negotiations, defence and other sensitive information.”
He said this could also include departments responsible for critical infrastructure.
The news will be a blow to Moscow-headquartered Kaspersky Lab, which has been trying to clear its name after being accused in several newspapers of either working with or allowing Russian intelligence to use its products to steal sensitive info from the NSA.
Its detailed investigation of the incident in question revealed that the NSA contractor actually disabled Kaspersky Lab AV on his laptop after illegally taking his work home with him, as it had started to detect new NSA-developed malware. The firm said that backdoor malware was then installed on the machine as part of pirated software package.
The contractor in question, Vietnam-born Nghia Hoang Pho, has pleaded guilty to one count of wilful retention of national defense information, and could now face several years in jail.
However, the NCSC claimed that its current guidance — applicable solely to central government at this stage — is just a preliminary missive.
“As well as keeping this guidance under review, we are in discussions with Kaspersky Lab, by far the largest Russian player in the UK, about whether we can develop a framework that we and others can independently verify, which would give the government assurance about the security of their involvement in the wider UK market,” explained Martin.
“In particular we are seeking verifiable measures to prevent the transfer of UK data to the Russian state. We will be transparent about the outcome of those discussions with Kaspersky Lab and we will adjust our guidance if necessary in the light of any conclusions.”
However, the decision is already having an impact on Kaspersky Lab’s wider business. Barclays has withdrawn its offer to customers of free software from the provider.