Australian Government Bans Kaspersky

Australia’s Department of Home Affairs has recently issued an official Direction that prohibits government agencies from installing Kaspersky products or web services on official systems and devices. The direction mandates the removal of all Kaspersky Lab software and web services from federal systems and devices, citing heightened risks of foreign interference, espionage, and sabotage. 

Australian government agencies have until April 1 to remove all existing instances of Kaspersky software on government systems and devices. 

Issued under the Protective Security Policy Framework (PSPF) Direction 002-2025, the directive requires non-corporate Commonwealth entities to identify and eliminate all instances of Kaspersky products by April 1, 2025, while prohibiting future installations. Home Affairs Secretary Stephanie Foster emphasised the decision stemmed from concerns over Kaspersky’s “extensive collection of user data” and potential exposure to “extra-judicial directions from a foreign government that conflict with Australian law”.

The direction applies to all systems and devices governed by the Public Governance, Performance and Accountability Act 2013, including government-issued mobile devices, laptops, and authorised third-party hardware. 

This specifically applies to Kaspersky’s information security products, threat intelligence platforms, and cloud-based services, though it excludes third-party software with embedded Kaspersky code.  

Foster’s assessment highlighted systemic vulnerabilities tied to Kaspersky’s data analytics and telemetry features, which could expose sensitive government networks to “transnational threat actors seeking unauthorised access”
This aligns with global apprehensions about software supply chain integrity and data sovereignty.

Australia’s ban follows similar measures by the US in 2024, which barred Kaspersky from operating in North America due to alleged ties to Russian intelligence. Canada and the UK have also restricted Kaspersky’s use in critical infrastructure, positioning Australia as the third Five Eyes nation to enact such prohibitions.

Limited exemptions are permitted for entities engaged in national security, law enforcement, or regulatory functions, provided they implement stringent risk mitigations. These include network segmentation, continuous monitoring, and restrictions on data flows to Kaspersky’s servers. 

The Department of Home Affairs has urged private sector operators of critical infrastructure and state governments to adopt the same measure safeguards. This advisory extends to private-sector contractors handling government data, reflecting heightened scrutiny of third-party vendor risks.

The Australian ban highlights the significant change in cyber security policy, with governments increasingly prioritising supply chain vetting and zero-trust architectures. A likely consequence of the action against Kaspersky will be the  accelerated adoption of alternatives like CrowdStrikePalo Alto Networks and other leading cybersecurity service providers across Australian agencies. 

Kaspersky Lab has repeatedly denied allegations of state affiliation, asserting its operations remain independent of governmental influence. 

Australia’s prohibition of Kaspersky products reflects escalating geopolitical tensions and a paradigm shift toward proactive cyber defence and Australia has also banned the Chinese Artificial Intelligence (AI) start-up DeepSeek from all government devices and systems over the "unacceptable risk" it poses to national security.

Gov.au   |    Gov.au   |    Cybersecuritynews   |   Techcrunch   |    Record   |     Hacker News

Image: Ideogram

You Might Also Read: 

Kaspersky Provokes Controversy:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« GhostSocks Malware Can Slip Past Detection Systems
From Accidental Hacker To Cybersecurity Champion »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Pervade Software

Pervade Software

Pervade Software is a global provider of dedicated compliance tracking software with monitoring & reporting capabilities.

Federal Office For Information Security (BSI) - Germany

Federal Office For Information Security (BSI) - Germany

The BSI (Bundesamt fur Sicherheit in der Informationstechnik) is the federal cyber security agency and the chief architect of secure digitalisation in Germany.

Towergate Insurance

Towergate Insurance

Towergate Insurance is a leading UK specialist insurance broker. Business products include Cyber Liability Insurance.

United Nations Office on Drugs & Crime (UNODC)

United Nations Office on Drugs & Crime (UNODC)

UNODC promotes long-term and sustainable capacity building in the fight against cybercrime through supporting national structures and action.

Rule4

Rule4

Rule4 is a global professional services firm that provides practical, real-world knowledge and solutions in areas including cybersecurity, AI, Machine Learning and industrial control systems.

Cloud Box Technologies

Cloud Box Technologies

Cloud Box Technologies is one of the premier IT Infrastructure Solution providers in the Middle East.

GitProtect.io

GitProtect.io

​GitProtect is a fully manageable, professional GitHub and Bitbucket backup and recovery software that protects repositories and metadata from any event of failure.

LogicMonitor

LogicMonitor

LogicMonitor provides SaaS-based IT infrastructure monitoring services for on-premises and multi-cloud environments.

Cyber Capital Partners

Cyber Capital Partners

Cyber Capital Partners build strategic and financial partnerships with small and mid-sized cybersecurity companies in highly regulated markets.

Gogolook

Gogolook

Gogolook is a leading TrustTech company. With "Build for Trust" as its core value, it aims to create an AI- and data-driven global anti-fraud network as well as Risk Management as a Service.

DART Consulting & Training

DART Consulting & Training

DART is a leading cyber training and consultancy company. We enhance our clients’ cyber capabilities by growing and strengthening their frontline defense – the cyber teams.

HEAL Security

HEAL Security

HEAL Security is the global authority for cybersecurity data, research and insights across the healthcare sector.

Everfox

Everfox

Everfox (formerly Forcepoint Federal) has been defending the world's most critical data and networks against the most complex cyber threats imaginable for more than 25 years.

E-CQURITY (ECQ)

E-CQURITY (ECQ)

ECQ is a network security company offering offensive security services and solutions focused on active offensive and defensive positioning.

CrashPlan

CrashPlan

CrashPlan delivers secure, continuous endpoint backup and recovery for businesses of all sizes.

Krash Consulting

Krash Consulting

Krash Consulting is a premier provider of Cyber Security solutions, offering a range of services to safeguard businesses against cyber-attacks, minimize fraud, and protect brand reputation globally.