THE UK'S NATIONAL CYBER SECURITY CENTRE (NCSC) has said this week that it has never certified Kaspersky's security software, an admission that comes just a week after the Trump administration booted the firm from two of its approved suppliers lists.
"The NCSC certifies products through a range of initiatives, and vendors apply to have their products certified via one of our accredited lab partners," the organisation said in a short statement to Reuters on Tuesday.
"We certify products through a range of initiatives, but the NCSC has never had products listed from Kaspersky."
The certification process is used, for example, to certify routers and other networking equipment deployed by BT and other network operators in the UK. Before the establishment of the NCSC, it was a function of the communications agency GCHQ.
However, in a statement to INQ, Kaspersky claimed that the original Reuters report was "extremely misleading", and pointed out that it doesn't engage in the kind of approval process that the US General Services Administration (GSA) does.
The Kaspersky statement continued: "The NCSC is not a regulator, and does not mandate or ban any products," adding that it "provides advice and guidance on how organisations can protect their networks," and that its certification schemes do not even cover "always evolving" anti-virus or anti-malware services."
Adam Maskatiya, general manager of Kaspersky Lab, UK and Ireland also weighed in: "The NCSC is not a regulator and they do not certify anti-virus products. We work closely with the public sector across the world and where required with regulatory and certification bodies."
The heightened interest in Kaspersky comes after authorities in the US removed the security software company from two public sector purchasing lists.
That decision meant that government bodies in large swathes of the US public sector are barred from buying Kaspersky products, although they can continue using Kaspersky software that is already installed.
The GSA's priorities "are to ensure the integrity and security of US government systems and networks", a spokesperson told Reuters.
Kaspersky responded to the decision by claiming that it was caught in the crossfire of a US-Russia geopolitical battle. "Kaspersky Lab has no ties to any government, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts," the company's press spokesperson told the RIA news agency.
The UK's NCSC was established as part of GCHQ in October 2016 following an announcement by the Chancellor in November 2015.
At the time, the government said that it would "bring the UK's cyber expertise together to transform how the UK tackles cyber security issues".
The statement continued: "It will be the authoritative voice on information security in the UK… Our objectives are to raise awareness of government intent; undertake genuine dialogue that shapes service delivery; demonstrate serious commitment to listen; and develop sustainable engagement channels." µ
Turns out some companies had fixed it before it came to light
There's still a timeline for Timeline but not this time
'Lack of significant enhancements' is causing lacklustre sales
How SD-WAN can fuel your businesses' digital transformation