Australia has officially joined the ranks of nations barring the deployment of cybersecurity solutions from Russian firm Kaspersky, citing grave concerns over national security vulnerabilities.
Stephanie Foster PSM, Secretary of the Department of Home Affairs, underscored the gravity of the decision, stating, “Following a rigorous assessment of the threats and associated risks, I have concluded that permitting Australian government entities to utilize Kaspersky Lab, Inc.’s software and web-based services presents an untenable security hazard. The potential for foreign interference, cyber-espionage, and acts of digital sabotage poses an unacceptable risk to governmental networks and classified data.”
She further elaborated on the broader implications of this prohibition, emphasizing the necessity of establishing a resolute policy stance. “It is crucial to send a clear signal to critical infrastructure operators and various Australian governmental bodies regarding the inherent and substantial security perils linked to Kaspersky Lab, Inc.’s offerings.”
Foster also highlighted the heightened concerns surrounding Kaspersky’s extensive data-gathering practices and the looming possibility of such data being subjected to extrajudicial directives from a foreign government—an act that would stand in direct conflict with Australian law.
In accordance with directive 002-2025, issued this past Friday, all governmental agencies are now mandated to abstain from installing any Kaspersky software or web services on government-operated systems and devices. Additionally, any existing instances of such software must be eradicated no later than April 1, 2025.
However, in rare circumstances, agencies may petition for an exemption, provided they can substantiate a “legitimate business necessity” for retaining access to Kaspersky’s tools. Any such exemption must be time-bound and must incorporate stringent mitigation strategies to address potential security threats. Notably, these waivers will be confined strictly to compliance-related or law enforcement-specific requirements.
This decision mirrors a similar move undertaken by the United States, which, in June 2024, outlawed Kaspersky from distributing its software or issuing updates to its American clientele. Following this regulatory blockade, Kaspersky formally withdrew from the U.S. market in mid-July 2024.
