The UK's cybersecurity agency has issued a warning to government departments on the potential risks of using Russian antivirus or security software because of fears the Kremlin could use it to conduct espionage.
The National Cyber Security Centre (NCSC) has warned that Russian cyberattacks are a threat to the UK and that the Russian government could potentially compromise Russian software deployed within organisations for its own ends.
"To that end, we advise that where it is assessed that access to the information by the Russian state would be a risk to national security, a Russia-based AV company should not be chosen," he added.
He said in practical terms, this means that for systems processing information classified 'secret' and and above, a Russia-based provider "should never be used", he said.
"This will also apply to some official tier systems as well, for a small number of departments which deal extensively with national security and related matters of foreign policy, international negotiations, defence and other sensitive information," he said.
The letter mentions that Kaspersky Lab is the largest Russian cybersecurity firm in the UK and that the NCSC is examining whether it can develop an independent framework which can be used to provide the government assurance about the security of Kaspersky Lab products and "verifiable measures to prevent the transfer of UK data to the Russian state".
Tweeting in response to the advice, Eugene Kaspersky said "Let me stress: there is *no* ban for KL products in the UK. We are in touch with NCSC regarding our Transparency Initiative and I am sure we will find the way to work together."
In a related blog post, Ian Levy, technical director at the NCSC, said that many government departments already handle risks well and that there's "almost no installed base of Kaspersky AV in central government".
But despite warnings against the use of Russian software in government, Levy said there's "no compelling case at present to extend that advice to wider public sector, more general enterprises, or individuals".
He said "we really don't want people doing things like ripping out Kaspersky software at large, as it makes little sense".
Meanwhile, Barclays Bank has taken the decision to stop providing free Kaspersky Lab antivirus products to new customers as a precaution following the NCSC advice.
"The UK Government has been advised by the National Cyber Security Centre to remove any Russian products from all highly sensitive systems classified as secret or above," the bank said in an email to customers.
"We've made the precautionary decision to no longer offer Kaspersky software to new users, however there's nothing to suggest customers need to stop using Kaspersky," the email added.
"Barclays treats the security of our customers very seriously. Even though this new guidance isn't directed at members of the public, we have taken the decision to withdraw the offer of Kaspersky software from our customer website," a Barclays spokesperson told ZDNet.
A Kaspersky Lab spokesperson told ZDNet that the company is "disappointed Barclays has decided to discontinue offering Kaspersky Lab anti-virus to new customers".
"It's very important to note that the NCSC is not encouraging consumers or businesses against using Kaspersky Lab software," the company added.