It’s a rare step that speaks volumes about worry. In recent weeks, two agents from the Regional University Hospital Center (CHRU) in Brest have asked the person in charge of the establishment’s computer security, Jean-Sylvain Chavanne. The two employees were graying due to the presence at the 8,000 hospital workplaces of the Russian antivirus Kaspersky.
This computer tool used by individuals or businesses and governments smells like sulfur since the Russian invasion of Ukraine† Based in Moscow but controlled by a UK-registered holding company, this computer security giant, which achieved sales of $700 million in 2020, has just been placed on the list of black telecommunications equipment threatening national security in the United States. The controversy has a deja vu atmosphere: in 2017, the US government was already concerned about the risks of espionage associated with this software developed by Eugène Kaspersky, a former student of the technical faculty of the KGB, the powerful agency Soviet intelligence.
Concerns in France and Germany
But what are we actually blaming this publisher for? “Antiviruses have to be very intrusive to work: what if the Russian government forces Kaspersky to place a computer time bomb in a future update? », summarizes Alain Bouillé, General Manager of the Club of Experts in Information and Digital Security (Cesin), an association of professionals in the sector.
It is a company that goes to great lengths to prove that it is not affiliated with its government. Believe it or not, but she tried transparency
This is feared by the German Federal Office for Information Security, which advised to change the software. “A Russian IT company could conduct offensive operations, be forced to attack targets or be spied on without its knowledge,” the agency explains. Anssi, the French state cyber-firefighter, expressed concern about the company’s ability to keep its products “in the necessary state of the art” due to its isolation from Moscow.
Brest’s CHRU will change its antivirus
However, Kaspersky’s software is “probably one of the best antivirus programs on the market,” emphasizes Alain Bouillé. This suggests that the risk appears to be low for non-sensitive individuals or companies. “It is a company that goes to great lengths to prove that it is not tied to the government. Believe it or not, she was trying to be transparent,” said a former military specialist.
A flattering technical portrait that no longer suffices today. While there are many alternatives on the market for this basic piece of IT security, a recent Cesin survey found that most (84%) of its members who use antivirus are considering other solutions. This is also the case for hospitals in Brest. Jean-Sylvain Chavanne is now counting on a change of antivirus by the end of the year. A strategy of diversifying its security products, however, launched before the Ukrainian crisis, but which is now being stimulated by the international context.