Kaspersky Lab’s move from Russia to Switzerland fails to save it from Dutch oven
It has been a busy few days for beleaguered antivirus-flinger Kaspersky Lab. Today’s confirmation of an infrastructure move to Switzerland comes hot on the heels of a comment from the Netherlands government that use of the Russian firm’s software is a bit risky.
Kaspersky is moving a number of its core processes from Russia to Switzerland as part of its “Global Transparency Initiative” (aka “Please stop being horrid about our Russian connections”). The estimated costs of the move are $12m, Kaspersky told us.
The security outfit plans to open a data centre in Zurich by the end of 2019 which will store information on users in regions such as Europe, North America and Australia.
Before the end of 2018, Kaspersky Lab will have also shifted its “software build conveyor”, a set of tools that assembles the applications, and plans to sign its threat detection rule databases with a digital signature in Switzerland.
Transparent, like Swiss mountain water
The, er, Russian security biz also intends to use an independent third party to conduct technical code reviews and make the source code available for review by “responsible stakeholders”.
The Register contacted Kaspersky for a definition of the term and was told it meant “government, partners or customers that are interested in visiting the centre”. So book your tickets, get in line and fill your boots.
Eugene Kaspersky, CEO of the eponymous software maker, said:
Meanwhile, GCHQ offshoot the National Cyber Security Centre, which last year effectively banned the use of Russian antivirus products from government departments said of the Kaspersky Labs announcement:
With action under way in the US to remove Kaspersky software from government PCs, the current NCSC block on the use of its AV on systems processing information classified SECRET still in place in the UK, and Twitter turning its nose up at the firm’s ad money, the vendor is hoping that a caring, transparent image might waft away the lingering odour of Russian interference.
Dutch heat
But that may be a little too late for the government of the Netherlands. Justice Minister Ferdinand Grapperhaus has issued a letter with stern words for the Russian outfit.
In it he warned the Russian Federation has an active offensive cyber programme focused on Dutch interests and pointed out that Kaspersky is a Russian company, headquartered in Russia and so subject to Russian legislation. He said, “as a precautionary measure, [the use of] Kaspersky antivirus software [in] the national government will be phased out.”
The Dutch Cabinet feels that there is a risk of espionage through the use of Kaspersky’s products and so recommended the software is not used (aligning with the US and UK), although the even-handed politicos also pointed out that there are no concrete cases of abuse in the Netherlands.
A spokesperson from Kaspersky Lab told The Register:
Graham Cluley, an infosec watcher, agreed that it was all rather unfortunate and perhaps a little unfair on the software maker, telling The Register:
As the US imposes hefty sanctions on a number of Russian businesses, keeping Kaspersky Lab headquartered in the Russian Federation may still be a pill too bitter to swallow for Western governments. ®
Sponsored: Minds Mastering Machines – Call for papers now open
READ MORE HERE