Australian Government Bans Kaspersky

Australia’s Department of Home Affairs has recently issued an official Direction that prohibits government agencies from installing Kaspersky products or web services on official systems and devices. The direction mandates the removal of all Kaspersky Lab software and web services from federal systems and devices, citing heightened risks of foreign interference, espionage, and sabotage. 

Australian government agencies have until April 1 to remove all existing instances of Kaspersky software on government systems and devices. 

Issued under the Protective Security Policy Framework (PSPF) Direction 002-2025, the directive requires non-corporate Commonwealth entities to identify and eliminate all instances of Kaspersky products by April 1, 2025, while prohibiting future installations. Home Affairs Secretary Stephanie Foster emphasised the decision stemmed from concerns over Kaspersky’s “extensive collection of user data” and potential exposure to “extra-judicial directions from a foreign government that conflict with Australian law”.

The direction applies to all systems and devices governed by the Public Governance, Performance and Accountability Act 2013, including government-issued mobile devices, laptops, and authorised third-party hardware. 

This specifically applies to Kaspersky’s information security products, threat intelligence platforms, and cloud-based services, though it excludes third-party software with embedded Kaspersky code.  

Foster’s assessment highlighted systemic vulnerabilities tied to Kaspersky’s data analytics and telemetry features, which could expose sensitive government networks to “transnational threat actors seeking unauthorised access”
This aligns with global apprehensions about software supply chain integrity and data sovereignty.

Australia’s ban follows similar measures by the US in 2024, which barred Kaspersky from operating in North America due to alleged ties to Russian intelligence. Canada and the UK have also restricted Kaspersky’s use in critical infrastructure, positioning Australia as the third Five Eyes nation to enact such prohibitions.

Limited exemptions are permitted for entities engaged in national security, law enforcement, or regulatory functions, provided they implement stringent risk mitigations. These include network segmentation, continuous monitoring, and restrictions on data flows to Kaspersky’s servers. 

The Department of Home Affairs has urged private sector operators of critical infrastructure and state governments to adopt the same measure safeguards. This advisory extends to private-sector contractors handling government data, reflecting heightened scrutiny of third-party vendor risks.

The Australian ban highlights the significant change in cyber security policy, with governments increasingly prioritising supply chain vetting and zero-trust architectures. A likely consequence of the action against Kaspersky will be the  accelerated adoption of alternatives like CrowdStrikePalo Alto Networks and other leading cybersecurity service providers across Australian agencies. 

Kaspersky Lab has repeatedly denied allegations of state affiliation, asserting its operations remain independent of governmental influence. 

Australia’s prohibition of Kaspersky products reflects escalating geopolitical tensions and a paradigm shift toward proactive cyber defence and Australia has also banned the Chinese Artificial Intelligence (AI) start-up DeepSeek from all government devices and systems over the "unacceptable risk" it poses to national security.

Gov.au   |    Gov.au   |    Cybersecuritynews   |   Techcrunch   |    Record   |     Hacker News

Image: Ideogram

You Might Also Read: 

Kaspersky Provokes Controversy:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« GhostSocks Malware Can Slip Past Detection Systems
From Accidental Hacker To Cybersecurity Champion »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

ClearedJobs.Net

ClearedJobs.Net

ClearedJobs.Net is a career site and job fair company for professionals seeking careers in the defense, intelligence and cyber security communities.

AvePoint

AvePoint

AvePoint is an established leader in enterprise-class data management, governance, and compliance software solutions.

Cyberwatch

Cyberwatch

Cyberwatch is a Vulnerability Scanner & Fixer software that helps you to detect and fix the vulnerabilities of your Information System.

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer Institute for Secure Information Technology (SIT)

Fraunhofer SIT is a research centre specialising in all areas of IT security.

Redicom

Redicom

Redicom is an independent consulting agency focusing on identity management, strong authentication and single-sign-on.

Tessian

Tessian

Tessian (formerly CheckRecipient) is a next-generation email security platform that helps enterprises counteract human error and significantly reduce the risk of data loss.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

Trusted CI

Trusted CI

Trusted CI, the NSF Cybersecurity Center of Excellence is comprised of cybersecurity experts who have spent decades working with science and engineering communities.

Secure Digital Solutions (SDS)

Secure Digital Solutions (SDS)

Secure Digital Solutions is a leading consulting firm in the business of information security providing cyber security program strategy, enterprise risk and compliance, and data privacy.

Hyperwise Ventures

Hyperwise Ventures

Hyperwise Ventures lead seed investments in startups in the cyber security and enterprise software spaces.

Stratia Cyber

Stratia Cyber

Stratia Cyber is an independent, technology agnostic company providing high quality, pragmatic cyber security consultancy and expertise.

Lodestone

Lodestone

Lodestone partners with clients to help them mitigate business and reputational risk, through our human-based, approach to cyber security, digital forensics and incident response.

Arsen Cybersecurity

Arsen Cybersecurity

Arsen is a French cybersecurity startup, dedicated to enhancing human behaviors in cybersecurity.

Spirit Technology Solutions

Spirit Technology Solutions

Spirit Technology Solutions is a modern workplace services provider committed to delivering solutions that embody our core principles of security, sustainability, and scalability.

ACDS (Advanced Cyber Defence Systems)

ACDS (Advanced Cyber Defence Systems)

ACDS was founded in the belief that cyber security can be done better. We’re combining emerging technologies and proven methods to bring a new approach to tackling the growing threat landscape.

SOCRadar

SOCRadar

SOCRadar is an Extended Threat Intelligence (XTI) SaaS platform that combines External Attack Surface Management (EASM), Digital Risk Protection Services (DRPS), and Cyber Threat Intelligence (CTI).