Cybersecurity chief issues antivirus national security warning amid Russia fears

Updated: 

Government departments have been warned against using antivirus software made by tech firms with links to Russia amid concerns over national security.

Ciaran Martin, head of the National Cyber Security Centre (NCSC), said Russia has the intent "to target UK central Government and the UK's critical national infrastructure" and there are "obvious risks around foreign ownership" of companies that produce anti-virus (AV) software.

In a letter to Whitehall chiefs agreed with MI5, he described Russia as a "highly capable cyber threat actor" which uses cyberspace for "espionage, disruption and influence operations".

Ciaran Martin wrote to Whitehall (PA)
Ciaran Martin wrote to Whitehall (PA)

The NCSC is in discussion with the largest Russian player in the UK, Kaspersky Lab, in order to develop checks to prevent "transfer of UK data to the Russian state," Mr Martin said.

Russia stands accused of meddling in the 2016 US election, while MPs have questioned if the Moscow has sought to interfere in UK elections and the Brexit referendum.

Prime Minister Theresa May used a November speech to issue a message to Russian president Vladimir Putin that the international community was aware of his country's efforts to spread fake news in an attempt to "sow discord in the West".

Mr Martin has previously warned that Russian hackers have targeted the UK energy network, telecoms and the media in the past year.

However his letter said most people and companies in the UK were not under threat of state-backed cyber attacks, but rather from criminal gangs.

He said: "The NCSC advises that Russia is a highly capable cyber threat actor which uses cyber as a tool of statecraft.

"This includes espionage, disruption and influence operations. Russia has the intent to target UK central Government and the UK's critical national infrastructure.

"However, the overwhelming majority of UK individuals and organisations are not being actively targeted by the Russian state, and are far more likely to be targeted by cyber criminals.

NEW guidance outlining the risks of locally installed products interacting with cloud services, and suggestions to help manage the risk https://t.co/eHPpDdmyL0pic.twitter.com/LLxX7JjP7r

-- NCSC UK (@ncsc) December 1, 2017

"In drawing this guidance to (department heads') attention today, it is our aim to enable departments to make informed, risk-based decisions on (their) choice of AV provider.

"To that end, we advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen."

The NCSC is concerned that the hackers backed by the Russian state could exploit AV software and has opened talks with Kaspersky Lab, one of the world's largest cybersecurity firms which has headquarters in Moscow.

Mr Martin said it is hoped they can develop an independent means on checking the company's products to "give the Government assurance about the security of their involvement in the wider UK market".

The company's co-founder, Eugene Kaspersky, has denied any wrongdoing by the company, telling the BBC earlier this week: "It's not true that the Russian state has access to the data. There are no facts about that."

NCSC technical director Ian Levy said the issue was "complex and nuanced" and urged the public not to panic.

"We really don't want people doing things like ripping out Kaspersky software at large, as it makes little sense," he said in a blog. "There's almost no installed base of Kaspersky AV in central government," he said.

"Beyond this relatively small number of systems, we see no compelling case at present to extend that advice to wider public sector, more general enterprises, or individuals."