More than 50 Bosnian institutions are still using Kaspersky antivirus software, which was banned in US and partly or fully in some of European countries due to security reasons, Radio Free Europe (RFE) reported, citing the General Secretariat of the Council of ministers as a source.

Among the institutions are the Presidency, the Council of Ministers, the Armed Forces and the State Investigation and Protection Agency (SIPA) of Bosnia and Herzegovina.

By the end of 2022, a total of 1,300 Kaspersky antivirus licenses have been purchased from the Russian company. Then, an additional 200 were purchased when the Secretariat reached a contract with the Banja Luka company ‘Prointer’, worth slightly less than 18 thousand euros.

Back in 2017, the United States government banned the use of their antivirus programs in all government agencies due to accusations of cooperation with the Russian Federal Security Service, which the company denied.

In Bosnia and Herzegovina, however, apart from the Council of Ministers, other public institutions and companies are still using the software.

Only since the beginning of 2022, the Agency for Medicines and Medical Devices of Bosnia and Herzegovina, the Tax Administration, Post Office and Railways of Republika Srpska entity, the Faculty of Law in Sarajevo, the Mine and the Gacko Thermal Power Plant have procured or extended licenses for Kaspersky through public procurement.

At the beginning of September last year, Bosnia and Herzegovina was the target of a cyber attack, when the website of the state parliament was disabled for two weeks. At that time, the portal of the Council of Ministers of Bosnia and Herzegovina, the Service for Joint Affairs, ‘Sarajevo Gas’ and several other companies experienced a short blackout.

The General Secretariat of the Council of Ministers said that because of these attacks, they bought additional licenses for the remaining devices and updated the operating systems and antiviruse software.

They said that the software is installed on devices that are on the e-government system, which means the complete IT infrastructure that state institutions rely on.

The contract with the ‘Prointer’ company implies an “end-point” security solution, which secures user devices – desktop computers, laptops and mobile phones. They pointed out that the company's offer in the tender was the most favourable, the RFE reported.

“We have no knowledge that this software is potentially malicious, we also note that this solution is used by many other European companies and state administrations,” the Secretariat said.

When asked by RFE whether the use of the software contradicts the sanctions against Russia, with which Bosnia and Herzegovina has agreed with, the Secretariat replied that they are “not officially aware” of such a decision.

Asked if Kaspersky software might represent a security threat, the secretariat responded that all traffic via public links is monitored, and that so far “there have been no indications of such activities.”