NCSC advises some organisations to reconsider use of Russian tech

Technical director Ian Levy provides update following invasion of Ukraine

NCSC advises some organisations to reconsider use of Russian tech

The UK's cybersecurity body has urged some organisations and businesses to consider the risks of using Russian technology and software amid the invasion of Ukraine.

Advice from Ian Levy, technical director of the National Cyber Security Centre (NCSC), follows guidance released in 2017 warning those involved in national security about the use of Russian products.

And the latest blog post says public sector organisations, organisations providing services to Ukraine, high profile organisations, those involved in critical infrastructure and those doing work that could be seen as opposed to Russia's interests should consider their reliance on Russian technology.

While Levy insists there is currently "no evidence that the Russian state intends to suborn Russian commercial products and services to cause damage to UK interests", he warns that the "absence of evidence is not evidence of absence".

"If you are more likely to be a target for the Russian state because of what's going on, then it would be prudent to consider your reliance on all types of Russian technology products or services (including, but not limited to, cloud-enabled products such as AV)," Levy said.

"If you use services that are provided out of Russia (including development and support services), then you should think about how you could insulate yourself from compromise or misuse of these services.

"This is true whether you contract directly with a Russian entity, or it just so happens that the people who work for a non-Russian company are located in Russia."

Levy also warns that global sanctions could mean Russian technology might halt at any time, which poses new problems, and urges any critical infrastructure providers reliant on Russian tech to speak to the NCSC.

The use of security software Kaspersky likely does not pose a threat to individuals, the NCSC states, but says sanctions on the company could create the need to move to a new antivirus provider.

"This conflict has changed the world order, and the increased risk and uncertainty aren't going away any time soon. However, the best thing to do is to make plans, ensure your systems are as resilient as practical and have good recovery plans," Levy added.