“We have to ensure cyber security of the state therefore it is a timely decision of the Government taken with regard to the assessment of threats and vulnerabilities. We have cooperated with other state institutions to find solutions and measures proportional to the estimated threat,” Vice Minister of National Defence Edvinas Kerza said. According to Vice Minister, it did not matter that the governmental decision only concerned managers of critical infrastructure, including energy, finance, transport, and others, and public sector, business enterprises were also advised to assess individually the risks their antivirus software poses.
On the basis of the threat assessment, representatives of the Government delegated to the managers of critical information infrastructure to replace Kaspersky Lab software with safe equivalents within a set time. Managers of state information resources using Kaspersky Lab software are ordered to carry out analysis of the risks of using the software and to replace it within the time coordinated with the National Cyber Security Centre.
“Experts of the National Cyber Security Centre will make every effort to provide proper consultations to the institutions and to render methodological assistance to ensure smooth replacement of the software,” Deputy Director of the Cyber Security and Telecommunications Service under the MoD, performing the functions of the National Cyber Security Centre, Rytis Rainys said. The Centre will be also reporting to the Government on the actions and results of the institutions implementing the governmental decision.
Legislation will be supplemented and amended to account for the governmental recognition of the Kaspersky Lab national security threat and the possibility that limiting the use of the software would have an effect on the market and public procurement procedure.
Corresponding amendments to the Laws on the Public Procurement and Public Procurement in Defence and Security Sector would legitimise exclusion of unreliable providers, while the Law on Cyber Security would lay out essential criteria for drawing the list of unsafe and forbidden software for using on the information systems of critical information infrastructure and state information resources managers.
