The letter was issued by Ciaran Martin, chief executive of the National Cyber Security Centre, who said it was being sent because "the issue of supply chain risk in cloud-based products, including anti-virus software, is receiving a lot of attention at the moment".
Though Martin did not make it clear, the only Russian anti-virus software that is in the media these days is that produced by Kaspersky Lab.
The US has banned its use in the public sector, claiming that it poses a security risk.
After outlining the way A-V software works and pointing out that it needed administrative access to a system in order to do its job, Martin said: "That's why the country of origin matters. It isn’t everything, and nor is it a simple matter of flags – there are Western companies who have non-Western contributors to their supply chain, including from hostile states. But in the national security space there are some obvious risks around foreign ownership."
He said the specific country being referred to was Russia. " The NCSC advises that Russia is a highly capable cyber threat actor which uses cyber as a tool of statecraft.
"This includes espionage, disruption and influence operations. Russia has the intent to target UK central Government and the UK’s critical national infrastructure."
Martin said, in connection with his letter, the NCSC had published specific guidance on managing the risk of cloud-enabled products.
Reacting to that guidance, Kaspersky Lab said it appreciated the collaborative, risk management-based approach taken by the NCSC with regards to identifying and mitigating any potential information security risks involved in the sourcing of IT products.
"Kaspersky Lab fully agrees that supply chain risk management is critical to information security, and therefore, we look forward to continuing our dialogue with the NCSC to develop a framework that can independently verify and provide assurance of the integrity of Kaspersky Lab's products and services.
"As stated in the company's Global Transparency Initiative announcement, Kaspersky Lab continues to partner with its stakeholders globally, including governments, as part of its ongoing commitment to protect customers from cyber threats."
The company added that it was important to note that the NCSC was not encouraging consumers or businesses against using Kaspersky Lab software from this sentence: "...we see no compelling case at present to extend that advice to wider public sector, more general enterprises, or individuals."