A branch of the UK intelligence forces has sent out a letter to UK government departments and agencies about the use of Russian antivirus software to protect computers that store classified information.
Ciaran Martin, CEO of the UK National Cyber Security Centre (NCSC) has signed the letter. The NCSC is a branch of the UK Government Communications Headquarters (GCHQ), the country’s official intelligence and security agency.
Letter warns against software made in hostile states
Martin made the letter publicly available on Friday, December 1, in which it warned government departments about “the issue of supply chain risk in cloud-based products, including anti-virus (AV) software.”
Specifically, Martin urges that unwittingly, some agencies might have included products in their software portfolios from companies residing in “hostile states.”
Martin then references a speech from the UK Prime Minister, and says that “Russia is acting against the UK’s national interest in cyberspace.”
As such, UK government agencies should be wary of using software products from Russia. Out of all products, Martin highlights antivirus software because of the intrusive and full access an antivirus needs on installed computers.
Letter contains an advice, not a ban
The official stopped short of calling for an outright ban of Russian software on UK government computers but said that for some systems, choosing a Russian antivirus product may not be wise, and recommended against it.
To that end, we advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a…