Australia has become the latest country to ban the installation of security software from Russian company Kaspersky, citing national security concerns.
“After considering threat and risk analysis, I have determined that the use of Kaspersky Lab, Inc. products and web services by Australian Government entities poses an unacceptable security risk to Australian Government, networks and data, arising from threats of foreign interference, espionage and sabotage,” Stephanie Foster PSM, the Secretary of the Department of Home Affairs, said.
“I have also considered the important need for a strong policy signal to critical infrastructure and other Australian governments regarding the unacceptable security risk associated with the use of Kaspersky Lab, Inc. products and web services.”
Foster further pointed out that entities are responsible for managing the risks arising from Kaspersky’s extensive collection of user data and exposure of that data to extrajudicial directions from a foreign government that conflicts with Australian law.
Under the new direction (002-2025) issued by the government, government entities are prohibited from installing Kaspersky’s products and web services on government systems and devices, as well as removing all existing instances by April 1, 2025.
That said, agencies may seek an exemption for the use of Kaspersky’s software for what has been described as a “legitimate business reason” and ensure that appropriate mitigations are in place.
Such exemptions must be time-limited and restricted to meeting requirements for purposes of meeting compliance and law enforcement functions.
The move follows that of the U.S. which, in late June 2024, banned Kaspersky from selling its software and products in the country or issuing product updates to existing customers. The company exited the U.S. market in mid-July 2024.
