Australia recently joined a growing list of countries that have banned the installation of security software from Russian company Kaspersky, citing national security concerns. The Australian government, through the Department of Home Affairs, highlighted the unacceptable security risks posed by Kaspersky products. Secretary Stephanie Foster PSM emphasized concerns about potential foreign interference, espionage, and sabotage, which could compromise the security of Australian government networks and data. This decision follows an assessment of threat and risk analysis related to the use of Kaspersky’s software and web services within government systems.
Foster also stressed the importance of sending a strong policy message to other critical infrastructure entities and Australian governments.
The government expressed concerns about Kaspersky’s extensive collection of user data, as well as the exposure of this data to potential extrajudicial directions from a foreign government. These concerns raised serious issues with Australian law, especially in terms of protecting sensitive information and maintaining national security.
Under the new directive issued by the government, Australian government entities are prohibited from installing Kaspersky products or web services on their systems and devices. The directive also mandates the removal of any existing instances of the software by April 1, 2025. However, there is a provision for exemptions, which can be sought for “legitimate business reasons” by agencies, provided that adequate mitigations are implemented to ensure security. These exemptions would be time-limited and restricted to specific purposes such as compliance and law enforcement functions.
This move by Australia follows a similar action taken by the United States in June 2024, which banned Kaspersky products from being sold in the country and prohibited updates to existing customers. Kaspersky subsequently exited the U.S. market in mid-July 2024. As global concerns over cybersecurity continue to mount, the decision to ban Kaspersky is part of broader efforts to safeguard critical infrastructure and protect national interests.
