Kaspersky says Dutch govt did not give it much warning about its decision to stop all cooperation

Thursday 17 May 2018 | 13:50 CET | News

The Dutch government has stopped every form of cooperation with Kaspersky Lab Benelux in the run-up to the decision to phase out the security provider’s antivirus software from central government. The financial consequences of the decision are still unclear, but the reputational damage is great. That is what Harco Enting, GM of Kaspersky Lab Benelux, said in response to questions from Telecompaper.

On 14 May, Minister Ferdinand Grapperhaus of Security and Justice announced that government authorities are going to phase out the use of antivirus software from Russia’s Kaspersky. According to the ministry, the risk that the company is compromised due to links with the Russian government is just too great. Grapperhaus is advising organisations that provide vital services, such as energy and communication, to take similar steps.

Russia has been accused several times over the last few years of hacking attacks on targets in Western countries. Accusations include large-scale malware attacks in 2017. The relocation of some of Kaspersky's activities from Russia to Switzerland, also announced this week, does not alter the mandatory cooperation between Kaspersky and the Russian government, Grapperhaus said. The Dutch government said it made its decision independently, and not in response to similar ones taken by the US and UK.

Government stopped everything

"We were aware that the government was carrying out an inventory among government organisations and companies in the vital infrastructure," said Enting. "We made contact several times by mail and telephone to offer our help, to provide insight into our processes and our source code etc. and to start a dialogue. However, the government stopped everything until conclusion of the investigation and its decision. We were informed about this decision three hours before its announcement."

According to the Kaspersky Lab Benelux director, it is still difficult to determine the direct and indirect consequences of the government decision. It has only just happened and the future will show what the consequences are to be in terms of financial matters. "But of course there is serious reputational damage because an unjust impression is created that Kaspersky does not provide reliable software products, while many worldwide studies prove the contrary, by market analysts such as Gartner. We will certainly also suffer loss of sales though how much is difficult to estimate. In the US, we have suffered from this; in the UK to a lesser extent."

Decision harms entire sector

Enting believes the decision however will go beyond mere financial or even reputational damage: it will damage the entire cybersecurity sector. For example, Grapperhaus argues that the danger of hacking through Kaspersky's software is great because it is deep in the IT systems of government services. "Colleague cybersecurity companies also provide software that penetrates the capillaries of systems and comes from countries with different legislation," Enting said.

In a letter to Parliament, the government said there would always be a chance to reconsider this decision in due course. Kaspersky has in any case offered full disclosure to the Dutch government, covering customer files, software source codes or other relevant insights that show how careful and reliable its software is within vital infrastructure.

Enting: "We also emphasized that we would like to keep talking with each other, also in view of the global developments whereby Kaspersky is moving core activities from Russia to Switzerland as part of its Global Transparency Initiative. The storage and processing of customer data, software assembly and investigation activities will no longer take place in Russia from the end of 2018, but in Switzerland."

Convince government for the longer term

Kaspersky is also building a Transparency Center Zurich where organisations will get full access to the source codes of the software. An external independent party will monitor data storage and processing, software assembly and the source code. Kaspersky is committed to ensuring that all new software can be verified by this independent organization by moving to Switzerland. This will make it clear that the software and updates that customers receive correspond with the source code provided for audit. Enting: "We hope to convince the government in the long term."

Kaspersky works in the Netherlands through channel partners. According to Enting, there are already direct questions from the channel about consequences, such as from partners with many government contracts. "We immediately and proactively started talking with our partners to remove any concerns and to answer questions - which of course were there."

Limiting damage to customers in vital sectors 

Furthermore, Kaspersky is looking into how it could further limit damage - such as for customers in vital sectors. "Kaspersky Lab is well aware that as a company you must continually invest in trust and transparency,” he said. "That will certainly now also apply to our customers in vital sectors. First of all, we will enter into a dialogue with them to remove concerns and answer questions. We hope to convince them with our Global Transparency Initiative and the move to Switzerland. We also increased our bug bounty rewards to a maximum of USD 100,000 per vulnerability found in our software."

Free Headlines in your E-mail

Every day we send out a free e-mail with the most important headlines of the last 24 hours.

Subscribe now

Categories: IT
Companies: Kaspersky Lab / Telecompaper
Countries: Netherlands
::: add a comment

Add comment

We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. If you see a comment that you believe is inappropriate to the discussion, you can bring it to our attention by using the report abuse links. As the comments are written and submitted by visitors of the Telecompaper website, they in no way represent the opinion of Telecompaper.


Kaspersky: overheid stelde ons voor voldongen feit

Published 17 May 2018 09:04 CET | Netherlands
De Nederlandse overheid heeft elke vorm van samenwerking met Kaspersky Lab Benelux geweigerd in de aanloop naar het besluit om ...

Kaspersky Lab moves core processes from Russia to Switzerland

Published 15 May 2018 10:28 CET | Russian Federation
Kaspersky Lab is adapting its infrastructure to move a number of core processes from Russia to Switzerland. This includes ...

Dutch govt bans use of Kaspersky Lab products

Published 15 May 2018 09:49 CET | Netherlands
The Dutch government announced that the national government will no longer use anti-virus software from Kaspersky Lab. Justice ...

Number of registered Sim-cards
Belgium  |  2017