Introduction
Australia’s Department of Home Affairs has issued a directive banning the use of Kaspersky Lab products on official systems due to national security concerns. This move aligns with actions taken by other Western nations to mitigate risks associated with foreign technology.
Description
Australia’s Department of Home Affairs has issued a directive prohibiting the installation of Kaspersky Lab products and web services on official systems and devices [1], citing significant national security risks associated with potential foreign interference [5], espionage [1] [4] [5] [6] [7] [8] [9], and sabotage linked to Russian technology. Under Directive 002-2025 [7], all non-corporate Commonwealth entities must identify [5], remove [1] [2] [3] [4] [5] [6] [7] [8] [9], and prevent future installations of Kaspersky software by April 1, 2025, in accordance with the Protective Security Policy Framework (PSPF). This decision reflects a broader trend among Western nations [6], particularly members of the Five Eyes intelligence alliance [2] [9], including the United States [2], the United Kingdom [2], and Canada [2] [3] [4] [6], which have enacted similar restrictions against the Russian cybersecurity firm since 2017.
Home Affairs Secretary Stephanie Foster emphasized the unacceptable security risks posed by Kaspersky products to government networks and data, particularly due to the company’s extensive data collection practices and the potential for foreign government directives to conflict with Australian law. The assessment highlighted systemic vulnerabilities associated with Kaspersky’s data analytics features [1], which could expose sensitive networks to unauthorized access by transnational threat actors [1]. Notably, the US had previously implemented a nationwide ban on Kaspersky software in June 2024 [9].
While the directive prohibits new installations and mandates the removal of existing software, limited exemptions for national security [1] [3] [5], law enforcement [1] [3], or regulatory functions are permitted, provided that stringent risk controls are in place. Kaspersky has criticized the decision [3] [5], asserting that it is politically motivated and lacks technical justification [5], and has expressed disappointment over the lack of prior warning or dialogue before the directive was issued. The Department of Home Affairs has also advised private sector operators of critical infrastructure and state governments to adopt similar measures [1], reflecting increased scrutiny of third-party vendor risks [1]. This ban signifies a shift in cybersecurity policy [1], emphasizing supply chain vetting and zero-trust architectures [1], and may lead to the adoption of alternative cybersecurity providers such as CrowdStrike and Palo Alto Networks [1]. Additionally, Australia has banned the Chinese AI start-up DeepSeek from government systems due to national security concerns [1], underscoring the growing trend to sever ties with foreign tech companies perceived as security risks.
Conclusion
The directive against Kaspersky Lab products underscores Australia’s commitment to safeguarding national security by scrutinizing foreign technology. This policy shift towards enhanced supply chain vetting and zero-trust architectures may prompt the adoption of alternative cybersecurity solutions. As Australia continues to address potential security threats, similar measures may be considered for other foreign technology firms, reflecting a broader global trend towards increased cybersecurity vigilance.
References
[1] https://www.cybersecurityintelligence.com/blog/australian-government-bans-kaspersky-8284.html
[2] https://www.s-rminform.com/en-us/cyber-intelligence-briefing/cyber-intelligence-briefing-28-february-2025
[3] https://www.redseal.net/cyber-news-roundup-for-february-28-2025/
[4] https://www.lawfaremedia.org/article/canada’s-expulsion-from-five-eyes-would-be-a-disaster
[5] https://podtail.com/en/podcast/cyber-bites/cyber-bites-28th-february-2025/
[6] https://www.fudzilla.com/news/60616-australia-comes-the-raw-prawn-with-kaspersky
[7] https://63sats.com/blog/weekly-news-roundup-28-february-2025/
[8] https://idm.net.au/article/0015060-russian-cybersecurity-giant-purged-over-espionage-fears
[9] https://digitalmarketreports.com/news/34743/australia-bans-kaspersky-software-over-security-concerns/
