Australian Government Bans Kaspersky

Australia’s Department of Home Affairs has recently issued an official Direction that prohibits government agencies from installing Kaspersky products or web services on official systems and devices. The direction mandates the removal of all Kaspersky Lab software and web services from federal systems and devices, citing heightened risks of foreign interference, espionage, and sabotage. 

Australian government agencies have until April 1 to remove all existing instances of Kaspersky software on government systems and devices. 

Issued under the Protective Security Policy Framework (PSPF) Direction 002-2025, the directive requires non-corporate Commonwealth entities to identify and eliminate all instances of Kaspersky products by April 1, 2025, while prohibiting future installations. Home Affairs Secretary Stephanie Foster emphasised the decision stemmed from concerns over Kaspersky’s “extensive collection of user data” and potential exposure to “extra-judicial directions from a foreign government that conflict with Australian law”.

The direction applies to all systems and devices governed by the Public Governance, Performance and Accountability Act 2013, including government-issued mobile devices, laptops, and authorised third-party hardware. 

This specifically applies to Kaspersky’s information security products, threat intelligence platforms, and cloud-based services, though it excludes third-party software with embedded Kaspersky code.  

Foster’s assessment highlighted systemic vulnerabilities tied to Kaspersky’s data analytics and telemetry features, which could expose sensitive government networks to “transnational threat actors seeking unauthorised access”
This aligns with global apprehensions about software supply chain integrity and data sovereignty.

Australia’s ban follows similar measures by the US in 2024, which barred Kaspersky from operating in North America due to alleged ties to Russian intelligence. Canada and the UK have also restricted Kaspersky’s use in critical infrastructure, positioning Australia as the third Five Eyes nation to enact such prohibitions.

Limited exemptions are permitted for entities engaged in national security, law enforcement, or regulatory functions, provided they implement stringent risk mitigations. These include network segmentation, continuous monitoring, and restrictions on data flows to Kaspersky’s servers. 

The Department of Home Affairs has urged private sector operators of critical infrastructure and state governments to adopt the same measure safeguards. This advisory extends to private-sector contractors handling government data, reflecting heightened scrutiny of third-party vendor risks.

The Australian ban highlights the significant change in cyber security policy, with governments increasingly prioritising supply chain vetting and zero-trust architectures. A likely consequence of the action against Kaspersky will be the  accelerated adoption of alternatives like CrowdStrikePalo Alto Networks and other leading cybersecurity service providers across Australian agencies. 

Kaspersky Lab has repeatedly denied allegations of state affiliation, asserting its operations remain independent of governmental influence. 

Australia’s prohibition of Kaspersky products reflects escalating geopolitical tensions and a paradigm shift toward proactive cyber defence and Australia has also banned the Chinese Artificial Intelligence (AI) start-up DeepSeek from all government devices and systems over the "unacceptable risk" it poses to national security.

Gov.au   |    Gov.au   |    Cybersecuritynews   |   Techcrunch   |    Record   |     Hacker News

Image: Ideogram

You Might Also Read: 

Kaspersky Provokes Controversy:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« GhostSocks Malware Can Slip Past Detection Systems
From Accidental Hacker To Cybersecurity Champion »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

FireMon

FireMon

FireMon is the only agile network security policy platform for firewalls and cloud security groups providing the fastest way to streamline network security policy management.

QMS International

QMS International

QMS is one of the leading ISO certification bodies in the UK and serves clients worldwide.

InfoSec World

InfoSec World

InfoSec World conference and expo covers all aspects of information security with a broad agenda of sessions on key security issues.

NetMotion Software

NetMotion Software

NetMotion Software specializes in mobile performance management solutions to manage, secure and support the mobile enterprise.

edgescan

edgescan

edgescan is a cloud-based continuous vulnerability management and penetration testing solution.

itWatch

itWatch

itWatch is focused on data loss prevention (DLP), endpoint security, mobile security, encryption, and cost reducing solutions for IT operations.

North American Electric Reliability Corporation (NERC)

North American Electric Reliability Corporation (NERC)

NERC is a not-for-profit international regulatory authority whose mission is to assure the reliability and security of the bulk power system in North America.

SparkCognition

SparkCognition

SparkCognition’s AI-powered solutions enhance cybersecurity, identify and prevent equipment failures before they happen, and provide prescriptive intelligence for maintaining your most critical assets

PRODAFT

PRODAFT

PRODAFT, Proactive Defense Against Future Threats, is a cyber security and cyber intelligence company providing solutions to commercial customers and government institutions.

Zuratrust

Zuratrust

Zuratrust provide protection for all kinds of email related cyber attacks.

Kentik

Kentik

Kentik - one platform for Network Visibility, Performance, and Security.

Start Left® Security

Start Left® Security

From Posture to Performance—The System That Improves How Software Gets Built.

Segra

Segra

Segra owns and operates one of the nation’s largest fiber networks and provides best-in-class broadband and data security solutions throughout the Southeast and Mid-Atlantic.

SquareX

SquareX

Squarex secures your online activities without compromising productivity.

Telit Cinterion

Telit Cinterion

Telit Cinterion is a global enabler of the intelligent edge providing highly secure IoT solutions, modules and services.

Elixirr

Elixirr

Elixirr is an award-winning global consulting firm working with clients across a diverse range of markets, industries and geographies.