With his open letter, Eugene Kaspersky responds to the BSI's warning about Kaspersky software. He calls the warning from the BSI “collateral damage – for cyber security”. The BSI warning was issued on March 15, 2022, followed by a short statement of the company Kaspersky.
“In the last three weeks, the war in Ukraine has dramatically changed the world as we know it. Families, relationships and partnerships have been dramatically shattered in Ukraine, in Russia, in Europe and around the world. The avalanche of these tragic events gripped us all.
My company, the world's largest private cybersecurity company, which proudly bears my name, is also affected. This week, the German Federal Office for Information Security (BSI) issued a Kaspersky product warning, pointing out potential risks of using Kaspersky products and solutions. Without going into details, I can say that these claims are pure speculation, unsupported by any objective evidence or technical details. The reason for this is simple. In Kaspersky's twenty-five year history, there has never been any evidence of our software being misused for malicious purposes. And this despite countless attempts to find proof of this.
In Kaspersky's twenty-five year history, there has never been any evidence of our software being misused
Eugene Kaspersky, CEO (Image: Kaspersky).
Without evidence, I can only conclude that the BSI's decision was made solely for political reasons. I find it sad, even ironic, that the organization, which champions objectivity, transparency and technical proficiency - the same values that Kaspersky, by the way, has supported for years, as well as the BSI and other European regulators and industry associations - literally grew overnight has chosen or been forced to abandon these principles. Kaspersky, a longtime trusted partner and supporter of the BSI and the German cybersecurity industry, only had a few hours to comment on these false and unfounded allegations. This is not an invitation to dialogue - it is an insult.
The warning conveniently ignores the fact that Kaspersky has been pioneering transparency for years
Despite many offers from Kaspersky to examine our source code, our updates, our architecture and our processes in detail in Kaspersky's transparency centers in Europe, the BSI has never done so. The warning conveniently ignores the fact that Kaspersky has been pioneering transparency for years by as part of its Global Transparency Initiative moved threat data from its European customers to Switzerland. With all due respect, I consider the BSI's decision to be an unjustified attack on my company and in particular on Kaspersky employees in Germany and Europe. Above all, however, this is also an attack on the large number of consumers in Germany who Kaspersky - Awarded the best security offer in the last two weeks (AV-TEST) - give her trust. It is also an attack on the jobs of thousands of German IT security professionals, on law enforcement officers we have trained to fight the most advanced cybercrime, on German computer science students whom we have helped train, on our partners in research projects in the most critical areas of cybersecurity and to tens of thousands of German and European companies of all sizes that we have protected from the full spectrum of cyber attacks.
It is also an attack on the jobs of thousands of German IT security experts
The damage to our reputation and our business caused by the warning from the BSI is already considerable. I have a question: What is the purpose? Not having Kaspersky in Germany will not make Germany or Europe any safer. But on the contrary. The BSI decision means that German users are advised to uninstall the only antivirus program that, according to the independent German IT security institute AV-Test, guarantees the best protection against ransomware. It means that the leading German industrial companies will no longer receive information about critical vulnerabilities in their software and hardware from Kaspersky ICS-CERT - an organization that these same manufacturers praise for their responsible educational work. It means that German car companies are not informed about the bugs that could allow an attacker to take over the entire on-board computer system and change its logic. It creates a huge blind spot on the attack surface for European incident response professionals and SOC operators who will no longer be able to receive threat intelligence from around the world - and Russia in particular.
It creates a huge attack surface blind spot for European incident response professionals and SOC operators
My message to the BSI, which unfortunately seems to have avoided contact with my team in Germany for a short time, is simple: We consider this decision to be unfair and fundamentally wrong. Nonetheless, we remain open to addressing any concerns the BSI has in an objective, technical and honest manner. We are grateful to the European regulators and industry experts who have taken a more balanced approach by requiring additional technical analysis and scrutiny of security solutions and the IT supply chain, and I commit to providing all required information to Kaspersky throughout this process and will be happy to cooperate. I would like to say to our German and European customers: We are very grateful that you have chosen Kaspersky and that we will continue to do what we do best - protect you from all cyber threats, no matter where they come from, while being fully transparent about our technology and our operations.
We are grateful to European regulators and industry experts who have taken a more balanced approach by requiring additional technical analysis and auditing of security solutions and the IT supply chain
The war in Ukraine can only be ended through diplomatic channels, and we all hope that hostilities will cease and dialogue will continue. This war is a tragedy that has already brought suffering to innocent people and is affecting our hyper-connected world. The global cybersecurity industry, built on trust and collaboration to protect the digital connections between us all, could suffer collateral damage – making everyone less secure.”
Eugene Kaspersky, CEO
More at Kaspersky.com
About Kaspersky Kaspersky is an international cybersecurity company founded in 1997. Kaspersky's in-depth threat intelligence and security expertise serve as the basis for innovative security solutions and services to protect companies, critical infrastructures, governments and private users worldwide. The company's comprehensive security portfolio includes leading endpoint protection as well as a range of specialized security solutions and services to defend against complex and evolving cyber threats. Kaspersky technologies protect over 400 million users and 250.000 corporate customers. More information about Kaspersky can be found at www.kaspersky.com/