Security experts have warned against Belgium’s continued use of Russian-developed anti-virus software Kaspersky, over fears that the software may contain vulnerabilities that may be exploited by the Russian government, according to Belgian newspaper De Morgen.
Across Europe, major users of the anti-virus software, which was once regarded as one of the best antivirus software on the market, have begun to ditch the software over serious security concerns following Russia’s invasion of Ukraine.
At great cost, the Italian Government has already dropped all of its contracts with the company. In Belgium, the political party New Flemish Alliance (N-VA) has opted to remove the software from over 500 party computers over security concerns.
The Dutch Government has banned the use of the software since 2018, over fears that Kaspersky would be forced to comply with orders given by the Kremlin. German and French cybersecurity agencies have both publicly advised against the use of the software, which it views as potentially exploitable.
However, despite serious security concerns about the use of the software, the Belgian Federal Government has still not banned the use of the antivirus software for state affairs. The longer Belgium waits to take action, the greater the risk, cyber expert Bart Preneel told De Morgen.
“While all neighbouring countries are warning against the antivirus software of the Russian company Kaspersky, our country is hesitating. The risk has only increased since the war,” the expert said.
Belgium government's 'nonchalant' approach
This is not the first instance of questionable cybersecurity practices from the Belgian government. Despite warnings across Europe, the Belgian Defence Ministry employs hundreds of Huawei WIFI routers, which experts fear may give the Chinese government access to classified information.
In the U.S, the use of high-risk suppliers are banned in government networks by the Secure Equipment Act. Chinese producers used extensively in Belgium, such as HikVision cameras and Huawei routers, are explicitly forbidden. Furthermore, since 25 March, so too is the use of their Russian Kaspersky antivirus software.
Kaspersky’s main research and development remains in Moscow and experts warn that the Russian government may force the company to divulge user data. The software has, as of yet, not been demonstrated to be harmful, but still poses a risk due to the geopolitical situation.
Related News
- More than 10% of Flemish businesses fall victim to cyber attacks
- €20 million cybersecurity centre to open in the Ardennes
- Belgium warns of potential cyberattacks resulting from Russian invasion of Ukraine
Calls are already rising on the Federal Government to get serious on cybersecurity, and it has already committed to spending €110 million on improving security infrastructure. Nevertheless, Belgian politicians are pressuring De Croo and his cabinet to review its use of leaky software and hardware.
“It is incomprehensible that our country is so nonchalant when it comes to cybersecurity and does not send out any warning to companies and their own services,” said N-VA politician Michael Freilich.
Together with colleague Theo Francken, Freilich is tabling an agenda in June to ask the government to draw up a list of high-risk suppliers, similar to the one used in the U.S, which lists manufacturers and companies that pose a risk to national security.
Minister of Justice Vincent Van Quickenborne had previously warned that such controls on the use of foreign equipment would amount to “protectionism”. The government is instead looking to implement new legislation to check whether foreign investments in strategic sectors of the economy pose security risks.
De Morgen states that the Kaspersky software is extensively used within the Belgian police force, and there are no official statistics on how many licences are held by government ministries.
As previously reported by The Brussels Times, even the Belgian Defence Ministry’s network was knocked offline for four weeks in December 2021, forcing staff to use civilian messaging services such as Whatsapp to complete their work.