LONDON (Reuters) – Britain’s cybersecurity centre on Tuesday said organisations providing services related to Ukraine or critical infrastructure should reconsider the risk associated with using Russian computer technology in their supply chains.
“We have no evidence that the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests, but the absence of evidence is not evidence of absence,” the National Cyber Security Centre (NCSC), part of Britain’s GCHQ eavesdropping intelligence agency, said in a blog post.
Organisations which provide services to Ukraine, critical infrastructure, or could represent a public relations “win” for Russia if compromised should “specifically consider the risk of Russian-controlled parts of their supply chain,” the post said.
Earlier this month Italy said its public authorities should replace any antivirus software linked to Russia, while Germany warned customers of Moscow-based Kaspersky Lab that its software poses a serious risk of attacks from hackers.
Last week, the United States added Kaspersky Lab to its list of communications equipment and service providers deemed threats to U.S. national security.
Kaspersky Lab has described such measures as politically motivated.
The NCSC did not specifically warn against Kaspersky Lab software, but advised that its users may need to change antivirus providers if Kaspersky Lab itself were to be sanctioned.
“If you are more likely to be a target for the Russian state because of what’s going on, then it would be prudent to consider your reliance on all types of Russian technology products or services, including but not limited to cloud-enabled products such as (antivirus software),” the post said.
(Reporting by James Pearson, Editing by Louise Heavens)