Australian government authorities have banned all Kaspersky Lab software and online services from government computers and networks. This follows a security audit that concluded that the Russian cyber security company poses a risk to national security.
Stephanie Foster, Secretary of the Department of Home Affairs, defended the ban by saying, “I have determined that the use of Kaspersky Lab products and web services by Australian Government entities poses an unacceptable security risk to Australian Government, networks, and data, arising from threats of foreign interference, espionage, and sabotage.”
The directive requires all non-corporate Commonwealth organizations to identify and remove existing Kaspersky software, prevent future installation, and notify the Department’s Commonwealth Security Policy Branch of compliance.
Limited exceptions are available for particular national security or regulatory needs, including law enforcement.
Australia Bans Kaspersky Products Over Security Concerns
Foster emphasized the broader implications of the action, writing she had “considered the important need for a strong policy signal to critical infrastructure and other Australian governments regarding the unacceptable security risk associated with the use of Kaspersky Lab products and web services.” This suggests that Australian authorities are concerned about vulnerabilities outside government networks.
The ban targets organizations that fall under the Public Governance, Performance, and Accountability Act 2013, where they are required to submit their systems for a full audit of all Kaspersky products. The companies are now required to come up with procedures for preventing future installation and report compliance for scrutiny by security authorities.
Kaspersky has strongly rejected the allegations, the company’s Corporate Communications Manager Mai Al Akkad stating that the action appears politically driven and not technically justified.
“Kaspersky believes that the action is a result of the current geopolitical environment and was not supported by any technical assessment of the company’s products, to which the company has been actively appealing,” Al Akkad stated.
The company specifically complained of the abrupt enforcement of the directive, claiming it was “issued without warning or opportunity for engagement to resolve the concerns of the Australian Government,” which they deem to be “indicating its political basis.” Kaspersky has maintained that its products are not inherently a matter of security, and has always called for evidence-based decisions, as opposed to blanket bans.
Evidence vs. Precaution: The Kaspersky Restrictions
Australia’s move is consistent with the same moves other Western nations have made in recent times. The United States first banned Kaspersky products on its government networks in 2017 before applying the same to all U.S. companies and consumers as recently as September 29, 2024. Germany advised its companies to discontinue using Kaspersky products following Russia’s invasion of Ukraine, and Canada banned government officials’ smartphones in October 2023.
These cooperative efforts are a sign of increasing anxiety in Western countries about potential threats from technology companies with ties to countries geopolitically considered to be rivals.
Critics argue that companies like Kaspersky can be pressured to assist their respective home countries in the field of intelligence operations, even when the companies portray themselves as independent.
Cybersecurity experts remain split on whether or not such restrictions are good risk management or too cautious.
Cybersecurity Bans: Security vs. Geopolitics
Some believe that in the absence of clear evidence of bad behavior, such restrictions would unnecessarily limit competition within the cybersecurity sector and even deprive organizations of valuable security tools.
The Australian directive specifically mentioned “foreign interference, espionage, and sabotage concerns” without outlining individual evidence for security breaches involving Kaspersky products.
This has added to speculation regarding whether such bans are mainly for security concerns or part of wider geopolitics in the more polarized technology world. For Moscow’s Kaspersky, founded in 1997, these growing restrictions present a significant threat to their global business operations, particularly in Western markets.
The company has long rejected improper connections with the Russian government and has tried to allay concerns by introducing transparency programs and relocating some data processing activities out of Russia.
As governments around the globe continue to search technology supply chains for possible security weaknesses, such actions against firms considered close to geopolitical rivals may continue to emerge, perhaps bifurcating the global cybersecurity market along geopolitical lines.
