Russian Cyber Security Firm Kaspersky Moves Away From Moscow

Russian cyber security firm Kaspersky Lab is moving key parts of its business out of Moscow in a bid to address the risks arising from its exposure to the Russian intelligence services.

Last year, the US Department for Homeland Security (DHS) and the UK's National Cyber Security Centre (NCSC) issued warnings regarding the use of Kaspersky software on critical government systems, citing legal powers in Russia, allowing the state to exert control over private companies.

The warnings left Kaspersky Lab needing to reassure customers that their data was handled properly in what it has called a global transparency initiative.

Crucial parts of its customer data processing and software production are being relocated to an automated data centre in a secured facility in the privacy haven of Zurich, where they will be open for inspection and audit by trusted third parties.

None of Kaspersky Lab's R&D staff will be based in Switzerland however. The company's vice president of public policy, Anton Shingarev, explained to Sky News that only certain automated parts of its infrastructure were being moved there, being hosted by the NYSE-listed Interxtion.

Despite NCSC's statement that it was working with Kaspersky Lab to develop a plan to prevent any UK data being captured by the Russian state, the company has instead offered, Mr Shingarev said, "a framework which is suicidal for us in case of abuse".

"If anything happens, it's going to be found sooner or later. And we intentionally, by ourselves, with our hands, [are creating] such a system."

This does not meet the standard of 100% proof that any transfers would be prevented, the VP acknowledged, but he claimed it did meet the NCSC's standards for a risk-based approach towards the company's software.

Robert Pritchard, who formerly worked for the UK government and has since founded the Cyber Security Expert consultancy, noted that Kaspersky Lab's products weren't being criticised in general and were well-thought of in the community.

"I think it was a shame that the NCSC's announcement was misinterpreted," he told Sky News, adding that on non-sensitive networks the company's products were not an issue.

That said, he added: "I have worked with clients who have very good reason to fear they're being targeted by Russian foreign intelligence, and I would encourage them to not use Kaspersky."

At a launch event celebrating the beginning of European customers' data being processed in Zurich, Mr Shingarev denounced what he saw as growing "tech nationalism" around the world with products being banned because of their country of origin, but said Kaspersky Lab would have to find a way to overcome it regardless.

The company's infrastructure, which has been moved, was implicated in media reports alleging the firm's anti-virus product was used by the Kremlin to steal secret US hacking tools from the computer of a National Security Agency employee who had illegally taken them home.

By moving them to Zurich and keeping an audit record of all of Kaspersky Lab's Moscow-based staff's interactions with them, the company aims to preclude allegations that the Russian state could secretly interfere with its business.

Saying that the data cannot be accessed in secret is not same as saying it cannot be got at all, and it is not clear how reassured the company's government customers will be by the proposed transparency facility.

Mr Shingarev told Sky News: "How can [the code review] guarantee that there is no GRU, GCHQ, CIA - name them - spies in our company? It's almost impossible to have a 100% guarantee.

“Of course we've got all these checks, of course we've got audits, of course we've got all these matters, but there is no simple fast solution to remove the risk," he added.

Sky News:

You Might Also Read:

Russian Spies Used Kaspersky Anti-V To Hack NSA

« Shush... Russian Banks Under Phishing Attack
Australia And NZ Announce Joint Pacific Cyber Cooperation »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

QASymphony

QASymphony

QASymphony software testing and QA tools help companies create better software by improving speed, efficiency and collaboration during the testing lifecycle.

StoneFly

StoneFly

StoneFly offers High Availability, high performance cluster and scale out storage, and backup and disaster recovery appliances.

Cyber 360

Cyber 360

Cyber 360 is a Cybersecurity contract and fulltime placement firm dedicated to identifying and hiring Cybersecurity professionals.

Electus Recruitment Solutions

Electus Recruitment Solutions

Electus is a leading recruitment specialist in the Engineering, Technology & Digital and Cyber & Security sectors.

Stormshield

Stormshield

Stormshield is a European leader in digital infrastructure security. We offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures.

Granite Partners

Granite Partners

Granite is a cloud service for the development of business risk management, cyber security and privacy and occupational safety and health.

Cyber Security Agency of Singapore (CSA)

Cyber Security Agency of Singapore (CSA)

The CSA is the national agency overseeing cybersecurity strategy, operation, education, outreach, and ecosystem development.

Data Recovery Services (DRS)

Data Recovery Services (DRS)

DRS provides data recovery services from media including hard disk drives, RAID, solid state disks SSD, memory sticks, USB drives, SD cards, tapes and mobile phones.

European Recruitment

European Recruitment

European Recruitment is an award-winning, international recruitment agency specialising in niche technology areas including Cyber Security.

CloudMask

CloudMask

CloudMask patent technology provides Dynamic Data Masking (DDM) that masks sensitive data, structured or non-structured, in real-time.

National Cybersecurity Preparedness Consortium (NCPC)

National Cybersecurity Preparedness Consortium (NCPC)

The mission of the NCPC is to provide research-based, cybersecurity-related training, exercises and technical assistance to local jurisdictions, counties, states and the private sector.

Forgepoint Capital

Forgepoint Capital

ForgePoint Capital is a premier venture investor for early stage cybersecurity companies.

Help AG

Help AG

Help AG provides leading enterprise businesses and governments across the Middle East with strategic consultancy combined with tailored information security solutions and services.

Squad

Squad

Squad provides leading expertise to ensure protection against the most complex cyber threats. Combining the best practices of DevOps and Cybersecurity, we are committed to create a secured cyber space

Shorebreak Security

Shorebreak Security

Shorebreak Securioty specialize in conducting highly accurate, safe, and reliable Information Security tests to determine the risks posed to your business.

Matrixforce

Matrixforce

Matrixforce is a vetted IT support provider that uses the patented Delta Method of streamlining technology for financial and professional service firms to reduce complexity and avoid risk.