Russian Cyber Security Firm Kaspersky Moves Away From Moscow

Russian cyber security firm Kaspersky Lab is moving key parts of its business out of Moscow in a bid to address the risks arising from its exposure to the Russian intelligence services.

Last year, the US Department for Homeland Security (DHS) and the UK's National Cyber Security Centre (NCSC) issued warnings regarding the use of Kaspersky software on critical government systems, citing legal powers in Russia, allowing the state to exert control over private companies.

The warnings left Kaspersky Lab needing to reassure customers that their data was handled properly in what it has called a global transparency initiative.

Crucial parts of its customer data processing and software production are being relocated to an automated data centre in a secured facility in the privacy haven of Zurich, where they will be open for inspection and audit by trusted third parties.

None of Kaspersky Lab's R&D staff will be based in Switzerland however. The company's vice president of public policy, Anton Shingarev, explained to Sky News that only certain automated parts of its infrastructure were being moved there, being hosted by the NYSE-listed Interxtion.

Despite NCSC's statement that it was working with Kaspersky Lab to develop a plan to prevent any UK data being captured by the Russian state, the company has instead offered, Mr Shingarev said, "a framework which is suicidal for us in case of abuse".

"If anything happens, it's going to be found sooner or later. And we intentionally, by ourselves, with our hands, [are creating] such a system."

This does not meet the standard of 100% proof that any transfers would be prevented, the VP acknowledged, but he claimed it did meet the NCSC's standards for a risk-based approach towards the company's software.

Robert Pritchard, who formerly worked for the UK government and has since founded the Cyber Security Expert consultancy, noted that Kaspersky Lab's products weren't being criticised in general and were well-thought of in the community.

"I think it was a shame that the NCSC's announcement was misinterpreted," he told Sky News, adding that on non-sensitive networks the company's products were not an issue.

That said, he added: "I have worked with clients who have very good reason to fear they're being targeted by Russian foreign intelligence, and I would encourage them to not use Kaspersky."

At a launch event celebrating the beginning of European customers' data being processed in Zurich, Mr Shingarev denounced what he saw as growing "tech nationalism" around the world with products being banned because of their country of origin, but said Kaspersky Lab would have to find a way to overcome it regardless.

The company's infrastructure, which has been moved, was implicated in media reports alleging the firm's anti-virus product was used by the Kremlin to steal secret US hacking tools from the computer of a National Security Agency employee who had illegally taken them home.

By moving them to Zurich and keeping an audit record of all of Kaspersky Lab's Moscow-based staff's interactions with them, the company aims to preclude allegations that the Russian state could secretly interfere with its business.

Saying that the data cannot be accessed in secret is not same as saying it cannot be got at all, and it is not clear how reassured the company's government customers will be by the proposed transparency facility.

Mr Shingarev told Sky News: "How can [the code review] guarantee that there is no GRU, GCHQ, CIA - name them - spies in our company? It's almost impossible to have a 100% guarantee.

“Of course we've got all these checks, of course we've got audits, of course we've got all these matters, but there is no simple fast solution to remove the risk," he added.

Sky News:

You Might Also Read:

Russian Spies Used Kaspersky Anti-V To Hack NSA

« Shush... Russian Banks Under Phishing Attack
Australia And NZ Announce Joint Pacific Cyber Cooperation »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Fenror7

Fenror7

Fenror7 lowers the TTD (Time To Detection) of hackers, malwares and APTs in enterprises and organizations from 300 days on average to 24 hrs or less.

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity

Rohde & Schwarz Cybersecurity provide solutions for Secure Networks, Secure Communications, Network Analysis, and Endpoint Security.

Clusit

Clusit

Clusit is the Italian Association for Information Security, a nonprofit organization devoted to promoting every aspect of information security.

Executive Women's Forum (EWF)

Executive Women's Forum (EWF)

The Executive Women's Forum is the largest member organization serving emerging leaders and influential female executives in the Information Security, Risk Management and Privacy industries.

InnoSec

InnoSec

InnoSec is a software manufacturer of cyber risk management technology.

ENEA Qosmos Division

ENEA Qosmos Division

Qosmos, a division of Enea, leads the market for IP traffic classification and network intelligence technology used in physical, SDN and NFV architectures.

Oneconsult

Oneconsult

Oneconsult provides cyber security services focusing on penetration tests / ethical hacking, ISO 27001 security audits and incident response & IT forensics.

La Fosse Associates

La Fosse Associates

The InfoSec Recruitment team at La Fosse Associates specialises in placing Information Security & Risk professionals on a permanent and contract basis.

AlertSec

AlertSec

AlertSec Ensure is a U.S. patented technology that allows you to educate, verify and enforce encryption compliance of third-party devices.

Myota

Myota

Myota intelligently equips each file to be resilient and achieve Zero Trust-grade protection. Withstand ransomware and data breach attacks. Reduce data restoration time and effort.

Zerify

Zerify

Zerify offers the industry’s only video conferencing platform built with a zero-trust architecture to keep your meetings secure, private and business compliant.

SE Ventures

SE Ventures

SE Ventures provides capital to big ideas and bold entrepreneurs who can benefit from Schneider Electric's deep domain expertise, R&D assets, and global customer base.

Cyber1

Cyber1

CYBER1 is a leader in cyber security advisory and solutions. We are uniquely placed to help customers achieve cyber resilience and thus, safeguard reputation and value.

Smartcomply

Smartcomply

Smartcomply is an automated and AI-powered cybersecurity and compliance platform that aids businesses in reducing the time and money spent on cybersecurity and compliance.

AppSentinels

AppSentinels

Appsentinels are a group of security and technology experts with a mission to fix gaps in application security.

Nicos AG

Nicos AG

Nicos AG specializes in secure, global data communication.