Australian Government Bans Kaspersky

Australia’s Department of Home Affairs has recently issued an official Direction that prohibits government agencies from installing Kaspersky products or web services on official systems and devices. The direction mandates the removal of all Kaspersky Lab software and web services from federal systems and devices, citing heightened risks of foreign interference, espionage, and sabotage. 

Australian government agencies have until April 1 to remove all existing instances of Kaspersky software on government systems and devices. 

Issued under the Protective Security Policy Framework (PSPF) Direction 002-2025, the directive requires non-corporate Commonwealth entities to identify and eliminate all instances of Kaspersky products by April 1, 2025, while prohibiting future installations. Home Affairs Secretary Stephanie Foster emphasised the decision stemmed from concerns over Kaspersky’s “extensive collection of user data” and potential exposure to “extra-judicial directions from a foreign government that conflict with Australian law”.

The direction applies to all systems and devices governed by the Public Governance, Performance and Accountability Act 2013, including government-issued mobile devices, laptops, and authorised third-party hardware. 

This specifically applies to Kaspersky’s information security products, threat intelligence platforms, and cloud-based services, though it excludes third-party software with embedded Kaspersky code.  

Foster’s assessment highlighted systemic vulnerabilities tied to Kaspersky’s data analytics and telemetry features, which could expose sensitive government networks to “transnational threat actors seeking unauthorised access”
This aligns with global apprehensions about software supply chain integrity and data sovereignty.

Australia’s ban follows similar measures by the US in 2024, which barred Kaspersky from operating in North America due to alleged ties to Russian intelligence. Canada and the UK have also restricted Kaspersky’s use in critical infrastructure, positioning Australia as the third Five Eyes nation to enact such prohibitions.

Limited exemptions are permitted for entities engaged in national security, law enforcement, or regulatory functions, provided they implement stringent risk mitigations. These include network segmentation, continuous monitoring, and restrictions on data flows to Kaspersky’s servers. 

The Department of Home Affairs has urged private sector operators of critical infrastructure and state governments to adopt the same measure safeguards. This advisory extends to private-sector contractors handling government data, reflecting heightened scrutiny of third-party vendor risks.

The Australian ban highlights the significant change in cyber security policy, with governments increasingly prioritising supply chain vetting and zero-trust architectures. A likely consequence of the action against Kaspersky will be the  accelerated adoption of alternatives like CrowdStrikePalo Alto Networks and other leading cybersecurity service providers across Australian agencies. 

Kaspersky Lab has repeatedly denied allegations of state affiliation, asserting its operations remain independent of governmental influence. 

Australia’s prohibition of Kaspersky products reflects escalating geopolitical tensions and a paradigm shift toward proactive cyber defence and Australia has also banned the Chinese Artificial Intelligence (AI) start-up DeepSeek from all government devices and systems over the "unacceptable risk" it poses to national security.

Gov.au   |    Gov.au   |    Cybersecuritynews   |   Techcrunch   |    Record   |     Hacker News

Image: Ideogram

You Might Also Read: 

Kaspersky Provokes Controversy:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« GhostSocks Malware Can Slip Past Detection Systems
From Accidental Hacker To Cybersecurity Champion »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Tendo Solutions

Tendo Solutions

Tendo Solutions provides intelligence, security, forensics and risk solutions to clients across different sectors and jurisdictions.

Libraesva

Libraesva

Libraesva secures email communications for organisations, helping them eliminate email borne threats, preserve email data and provide an environment for their people to communicate safely.

Outpost24

Outpost24

Outpost24 provides easy to deploy and intuitive solutions to continuously identify, remediate and mitigate vulnerabilities in your network.

OCERT

OCERT

OCERT is the National Computer Emergency Response Team of Oman.

Akheros

Akheros

Akheros develops cybersecurity learning algorithms which anticipate, detect and prevent offensive and incongruous behaviors of M2M interactions.

Baffle

Baffle

Baffle is pioneering a solution that makes data breaches irrelevant by keeping data encrypted from production through processing.

Rafael

Rafael

Rafael has more than 15 years of proven experience in the cyber arena providing solutions for national security as well as commercial applications.

Vector InfoTech

Vector InfoTech

Vector InfoTech is a leader in Industrial Security, Networks, IT and Telecommunications.

Protocol Labs

Protocol Labs

Protocol Labs is a research, development, and deployment institution for improving Internet technology.

TalaTek

TalaTek

TalaTek is a full-service risk management firm providing expert services in risk management, cybersecurity, and compliance.

Commonwealth Cyber Initiative (CCI)

Commonwealth Cyber Initiative (CCI)

The Commonwealth Cyber Initiative is establishing Virginia as a global center of excellence at the intersection of security, autonomous systems, and data.

A&O IT Group

A&O IT Group

A&O IT Group provide IT support and services including IT Managed Services, IT Project Services, IT Engineer Services and Cyber Security.

Tychon

Tychon

Tychon develops advanced enterprise endpoint management technology that enables commercial and government organizations to bridge the gap between security and IT operations.

Identifid

Identifid

Identifid offers a suite of fraud prevention and identity authentication solutions to businesses and governments using the latest advances in AI, vision processing, and biometric recognition.

Loccus AI

Loccus AI

Loccus are developers of AI solutions in the voice safety space. We build identity verification solutions, deepfake detection systems and fraud protection products for companies and end-users.

Vulnify

Vulnify

At Vulnify, we’re revolutionizing the way businesses identify and manage security vulnerabilities.