Skip to content
Government ACT, Information Technology

CSIRO and Google partner to help secure Australia’s Critical Infrastructure from risky software components

Google 2 mins read

Partnership to assist critical infrastructure operators in meeting growing legislative obligations to prove the integrity and security of their software supply chains

 

CSIRO, Australia’s national science agency, and Google today announced a research partnership to close crucial gaps in how Australia’s critical infrastructure (CI) operators find, understand, and fix vulnerabilities in their software supply chains. 

 

A part of Google’s Digital Future Initiative and CSIRO’s Critical Infrastructure Protection and Resilience developing mission, the partnership will see Google and CSIRO work together to develop tools and frameworks that help Australian CI operators meet critical obligations around software supply chain security, including those in the amended Security of Critical Infrastructure (SOCI) Act and Australia’s Cyber Security Strategy

 

The tools and frameworks will focus on accurately identifying and fixing vulnerabilities in open source software components that have become an increasingly important part of digital transformation for Australia’s critical infrastructure, which includes everything from public utilities and hospitals to freight networks and groceries.  To maximise the impact of this partnership, all project findings will be publicly available, allowing critical infrastructure sectors free and easy access. 

 

CSIRO’s Project Lead, Dr Ejaz Ahmed, said the creation of new and homegrown technologies will enhance the security of software used in Australian critical infrastructure. 

“Software developed, procured, commissioned, and maintained within Australia will also be better aligned with local regulations, promoting greater compliance and trustworthiness,” Dr Ahmed said.  “This partnership builds upon a successful track record of AI-powered innovation, demonstrating the transformative power of Google and CSIRO's expertise.” 

 

A roadmap to more secure software

The partnership will see CSIRO work with the Google Open Source Security Team (GOSST) and Google Cloud to develop novel AI-powered tools for automated vulnerability scanners and data protocols that can quickly and precisely identify and assess the impact of open source vulnerabilities on Australian CI operators’ software supply chains. 

 

The tools will tap on existing resources including Google’s OSV database for the most up-to-date intelligence on vulnerabilities. CSIRO’s applied research, including methods to test for responsible AI usage and tools for analysing software packages, will help to ensure reports and recommendations directly address the local regulatory and operating context of Australian operators.

 

Similarly, CSIRO and Google will collaborate on designing a secure framework that gives Australian CI operators clear guidance on how to meet current requirements and a baseline for future ones. The framework will adapt and extend the Supply-chain Levels for Software Artifacts (SLSA) framework created by Google, with insight from CSIRO’s Australian industry practices, to define multiple levels of software supply chain maturity as well as steps to achieve each one. 

 

Google Cloud will provide secure and scalable infrastructure and solutions, including machine learning and Big Data capabilities as well as domain specific large language models, to accelerate the partnership’s research and translate it into tools or as-a-service offerings for CI operators. 

 

“Software supply chain vulnerabilities are a global issue, and Australia has led the way in legislative measures to control and combat the risks," said Stefan Avgoustakis, Security Practice Lead, Google Cloud, Australia & New Zealand. 

 

“The tools and frameworks we’re developing will give Australia’s CI operators a clear and consistent roadmap towards software supply chain maturity, based on the in-depth industry knowledge that CSIRO has built up over years of research. Making these resources openly available to CI operators will help establish greater resilience throughout critical infrastructure nationwide, and reflects our longstanding interest in teaming up with industry and academia to enhance the effectiveness of our years of work in open source security.” 

More from this category

  • Government Federal, Information Technology
  • 12/09/2024
  • 15:15
Parliament of Australia

Inquiry commences into public sector AI use

The Joint Committee of Public Accounts and Audit (JCPAA) has commenced an inquiry into the use and governance of artificial intelligence (AI) systems by public sector entities. The Chair of the JCPAA,the Hon Linda Burney MP, said that ‘evidence to the Committee’s 2022-23 Commonwealth Financial Statements inquiry indicated an increased adoption of AI by public sector entities but also a lack of adequate governance frameworks to regulate and monitor this use. The Committee has decided that oversight is needed of the current and potential future impacts of this fast-developing technology in delivering outcomes for the Australian public.’ The inquiry will…

  • Information Technology
  • 12/09/2024
  • 11:10
SIMPPLE Ltd.

SIMPPLE Australia won the prestigious ISSA Excellence Awards at the 2024 ISSA Cleaning & Hygiene Expo in Sydney

SYDNEY, Sept. 12, 2024 (GLOBE NEWSWIRE) -- SIMPPLE Australia Pty Ltd, a subsidiary of SIMPPLE Ltd. (NASDAQ: SPPL, “SIMPPLE”, “the Company”) and a leading technology provider in the integrated facility management sector, was announced as the winner of the ISSA Excellence Award (Innovation) for Large Equipment.As part of the annual awards program organised by the International Sanitary Supply Association (ISSA), the worldwide cleaning industry association recognised the most innovative and high-quality cleaning and facility solutions products and services at this year’s ISSA Cleaning & Hygiene Expo 2024 in Sydney, Australia.James Yatras, Director of SIMPPLE Australia Pty Ltd, expressed his appreciation,…

  • Information Technology
  • 11/09/2024
  • 20:40
Pixotope

Pixotope Forges Strategic Partnership with Happy Elephant Consortium for Asia-Pacific Expansion

OSLO, NORWAY / ACCESSWIRE / September 11, 2024 / Pixotope Technologies AS, the leading platform for end-to-end real-time virtual production solutions, is excited to announce a landmark partnership with the Happy Elephant consortium as its exclusive distributor for Greater China and selected countries in Southeast Asia region. This collaboration marks a pivotal moment in Pixotope's global growth strategy, set to transform virtual production accessibility in one of the world's most vibrant and rapidly evolving markets. The Happy Elephant consortium, uniting the formidable talents of Happy Elephant, Totem Vision, and Socam, brings a wealth of expertise and established market presence to…

Media Outreach made fast, easy, simple.

Feature your press release on Medianet's News Hub every time you distribute with Medianet. Pay per release or save with a subscription.