Australian Government Bans Kaspersky

Uploaded on 2025-02-28 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

Australia’s Department of Home Affairs has recently issued an official Direction that prohibits government agencies from installing Kaspersky products or web services on official systems and devices. The direction mandates the removal of all Kaspersky Lab software and web services from federal systems and devices, citing heightened risks of foreign interference, espionage, and sabotage.

Australian government agencies have until April 1 to remove all existing instances of Kaspersky software on government systems and devices.

Issued under the Protective Security Policy Framework (PSPF) Direction 002-2025, the directive requires non-corporate Commonwealth entities to identify and eliminate all instances of Kaspersky products by April 1, 2025, while prohibiting future installations. Home Affairs Secretary Stephanie Foster emphasised the decision stemmed from concerns over Kaspersky’s “extensive collection of user data” and potential exposure to “extra-judicial directions from a foreign government that conflict with Australian law”.

The direction applies to all systems and devices governed by the Public Governance, Performance and Accountability Act 2013, including government-issued mobile devices, laptops, and authorised third-party hardware.

This specifically applies to Kaspersky’s information security products, threat intelligence platforms, and cloud-based services, though it excludes third-party software with embedded Kaspersky code.

Foster’s assessment highlighted systemic vulnerabilities tied to Kaspersky’s data analytics and telemetry features, which could expose sensitive government networks to “transnational threat actors seeking unauthorised access”
This aligns with global apprehensions about software supply chain integrity and data sovereignty.

Australia’s ban follows similar measures by the US in 2024, which barred Kaspersky from operating in North America due to alleged ties to Russian intelligence. Canada and the UK have also restricted Kaspersky’s use in critical infrastructure, positioning Australia as the third Five Eyes nation to enact such prohibitions.

Limited exemptions are permitted for entities engaged in national security, law enforcement, or regulatory functions, provided they implement stringent risk mitigations. These include network segmentation, continuous monitoring, and restrictions on data flows to Kaspersky’s servers.

The Department of Home Affairs has urged private sector operators of critical infrastructure and state governments to adopt the same measure safeguards. This advisory extends to private-sector contractors handling government data, reflecting heightened scrutiny of third-party vendor risks.

The Australian ban highlights the significant change in cyber security policy, with governments increasingly prioritising supply chain vetting and zero-trust architectures. A likely consequence of the action against Kaspersky will be the accelerated adoption of alternatives like CrowdStrike, Palo Alto Networks and other leading cybersecurity service providers across Australian agencies.

Kaspersky Lab has repeatedly denied allegations of state affiliation, asserting its operations remain independent of governmental influence.

Australia’s prohibition of Kaspersky products reflects escalating geopolitical tensions and a paradigm shift toward proactive cyber defence and Australia has also banned the Chinese Artificial Intelligence (AI) start-up DeepSeek from all government devices and systems over the "unacceptable risk" it poses to national security.

Image: Ideogram

You Might Also Read:

Kaspersky Provokes Controversy:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.