SecurityWeek

Risks of Using Russian Tech Analyzed by UK Cybersecurity Agency

UK analyzes risks posed by Russian tech in the context of the Ukraine war

The UK’s National Cyber Security Centre (NCSC) on Tuesday issued guidance for individuals and organizations regarding the use of Russian technology products and services in the context of the Ukraine invasion.

Cyberattacks aimed at Ukraine and attributed to Russia have increased since Moscow started to amass troops near the Ukrainian border last year, and the attacks have continued after the war began. While Russia’s recent cyberattacks appear to be focusing on Ukraine, some Western governments are concerned that Russia could launch significant cyber operations against them in response to the recent sanctions.

The White House last week warned US companies that Russia may be preparing a major cyberattack and urged them to strengthen their systems.

The UK, on the other hand, says it has not seen — and it does not expect to see — “the massive, global cyber attacks that some had predicted.”

However, the NCSC pointed out that Russia has been known to target UK entities, and the agency in 2017 warned about the potential risks posed by the use of Russian products and services, providing Kaspersky security products as an example.

Following the start of the conflict, European governments and the United States have warned about the potential risks posed by the use of Kaspersky products. The Russia-based cybersecurity firm has claimed to be neutral in the Russia-Ukraine war and has denounced politically-motivated accusations.

In its latest guidance, the NCSC advised organizations that are more likely to be targeted by Russia due to the current situation to evaluate the risks posed by the use of Russian technology.

“You may choose to remove Russian products and services proactively, wait until your contract expires (or your next tech refresh), or do it in response to some geopolitical event,” explained Ian Levy, technical director at the NCSC. “Alternatively, you may choose to live with the risk. Whatever you choose, remember that cyber security, even in a time of global unrest, remains a balance of different risks. Rushing to change a product that’s deeply embedded in your enterprise could end up causing the very damage you’re trying to prevent.”

Levy added, “Regardless of whether you’re a likely target, ongoing global sanctions could mean that Russian technology services (and support for products) may have to be stopped at a moment’s notice. This would bring a new set of risks. Enterprises should consider how such an event would affect their resilience, and consider plans for mitigation.”

The NCSC pointed out that most individual users in the UK are unlikely to be targeted by Russia and assured them that the use of Kaspersky antivirus and other products on their personal computers is safe “at the moment.” However, the agency noted that Kaspersky itself could become subject to sanctions, and users may need to move to a different product if their current antivirus application stops receiving updates.

Kaspersky has long been in the crosshairs of governments due to alleged ties to Russian intelligence, accusations that the company has consistently denied. The NCSC has no evidence that Russia could try to use commercial products and services to cause damage to UK interests, but noted that Russian companies already have a legal obligation to assist the country’s security service and the pressure on companies could increase during the war.

“In our view, it would be prudent to plan for the possibility that this could happen. In times of such uncertainty, the best approach is to make sure your systems are as resilient as you can reasonably make them,” Levy said.

According to the NCSC, organizations providing services to Ukraine, high-profile companies that could represent a “PR win” for Russia, entities doing work that interferes with Russia’s interests, and critical infrastructure organizations are particularly at risk.

Critical infrastructure organizations have been advised to contact the agency if they rely on Russian tech for the operation of their systems.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.