The head of Britain’s top cybersecurity agency has warned the U.K. government against using Russian antivirus products amid concerns surrounding Kaspersky Lab, the Moscow-based software vendor recently banned by U.S. officials over its alleged ties to Russian intelligence.
Ciaran Martin, the director of the U.K. National Cyber Security Centre, warned British agencies against installing Russian products including specifically Kaspersky software in a letter distributed to agency heads and published online Friday evening, December 1.
“The NCSC advises that Russia is a highly capable cyber threat actor which uses cyber as a tool of statecraft. This includes espionage, disruption and influence operations,” the letter said. “Russia has the intent to target U.K. central Government and the U.K.’s critical national infrastructure.”
“We advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen,” Mr. Martin added wrote department heads. “In practical terms, this means that for systems processing information classified SECRET and above, a Russia-based provider should never be used.”
The NCSC has contacted Kaspersky about developing a framework for independently verifying its products, “which would give the government assurance about the security of their involvement in the wider U.K. market,” Mr. Martin wrote.
“In particular we are seeking verifiable measures to prevent the transfer of UK data to the Russian state,” his letter said.
Kaspersky Lab told The Washington Times it appreciates the NCSC’s “collaborative, risk management-based approach,” and it said in a statement that it looks forward to continuing dialogue with the agency towards developing a framework that can “independently verify and provide assurance of the integrity” of its products.
“It’s very important to note that the NCSC is not encouraging consumers or businesses against using Kaspersky Lab software,” the company said in a statement to Forbes.
The NCSC directive appeared to have immediate consequences beyond the British government. Barclays, the London-based multinational bank, notified about 290,000 customers on Saturday to say it would no longer be offering a free 12-month Kaspersky trial to account holders.
“The U.K. government has been advised…to remove any Russian products from all highly sensitive systems classified as secret or above,” Barclays said, BBC reported. “We’ve made the precautionary decision to no longer offer Kaspersky software to new users.”
Kaspersky is “disappointed” by Barclay’s decision, a spokesperson told BBC.
The NCSC warning comes on the heels of a directive issued by the U.S. Department of Homeland Security in September ordering all federal departments to identify, remove and discontinue Kaspersky products.
“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” the DHS said Sept. 13.
Multiple news reports have since indicated that Russian hackers stole classified documents from a U.S. government worker who installed Kaspersky antivirus software on their personal computer.
Russia has denied hacking U.S. targets, and Kaspersky has denied colluding with Russia or other governments.