Britain's National Cyber Security Centre (NCSC) is warning government agencies not to use Russia-based cybersecurity products like Kaspersky Lab on classified networks, according to a December 1 memo. The move comes a few months after the United States essentially barred Kaspersky's anti-virus software from U.S. federal networks.
Britain and the United States are concerned that Kaspersky may be working with Russia, but the software company has repeatedly denied such claims.
The NCSC warning included this advice about avoiding security software from Russia-based companies:
"...for systems processing information classified SECRET and above, a Russia-based provider should never be used. This will also apply to some Official tier systems as well, for a small number of departments which deal extensively with national security and related matters of foreign policy, international negotiations, defence and other sensitive information."
Still, the NCSC warning included some rays of hope for Kaspersky. Indeed, the agency is in discussions with Kaspersky about gaining "verifiable measures to prevent the transfer of UK data to the Russian state." The agency plans to be "transparent about the outcome of those discussions with Kaspersky Lab and we will adjust our guidance if necessary in the light of any conclusions."
For its part, Kaspersky has been developing a transparency initiative to mitigate concerns about the company's alleged Russia ties -- which have never been publicly proven. The controversy has spilled over into the U.S. consumer market, where such companies as Best Buy, Office Depot and Staples have halted sales of the company's software.