UK Govt issues antivirus national security warning amid Russia fears
LONDON – Government departments have been warned against using antivirus software made by tech firms with links to Russia amid concerns over national security.
Ciaran Martin, head of the National Cyber Security Centre (NCSC), said Russia has the intent “to target UK central Government and the UK’s critical national infrastructure” and there are “obvious risks around foreign ownership” of companies that produce anti-virus (AV) software.
In a letter to Whitehall chiefs agreed with MI5, he described Russia as a “highly capable cyber threat actor” which uses cyberspace for “espionage, disruption and influence operations”.
The NCSC is in discussion with the largest Russian player in the UK, Kaspersky Lab, in order to develop checks to prevent “transfer of UK data to the Russian state,” Mr Martin said.
Russia stands accused of meddling in the 2016 US election, while MPs have questioned if the Moscow has sought to interfere in UK elections and the Brexit referendum.
Prime Minister Theresa May used a November speech to issue a message to Russian president Vladimir Putin that the international community was aware of his country’s efforts to spread fake news in an attempt to “sow discord in the West”.
Mr Martin has previously warned that Russian hackers have targeted the UK energy network, telecoms and the media in the past year.
However his letter said most people and companies in the UK were not under threat of state-backed cyber attacks, but rather from criminal gangs.
He said: “The NCSC advises that Russia is a highly capable cyber threat actor which uses cyber as a tool of statecraft.
“This includes espionage, disruption and influence operations. Russia has the intent to target UK central Government and the UK’s critical national infrastructure.
“However, the overwhelming majority of UK individuals and organisations are not being actively targeted by the Russian state, and are far more likely to be targeted by cyber criminals.
“In drawing this guidance to (department heads’) attention today, it is our aim to enable departments to make informed, risk-based decisions on (their) choice of AV provider.
“To that end, we advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen.” – The Telegraph