Skip to content
Government ACT, Information Technology

CSIRO and Google partner to help secure Australia’s Critical Infrastructure from risky software components

Google 2 mins read

Partnership to assist critical infrastructure operators in meeting growing legislative obligations to prove the integrity and security of their software supply chains

 

CSIRO, Australia’s national science agency, and Google today announced a research partnership to close crucial gaps in how Australia’s critical infrastructure (CI) operators find, understand, and fix vulnerabilities in their software supply chains. 

 

A part of Google’s Digital Future Initiative and CSIRO’s Critical Infrastructure Protection and Resilience developing mission, the partnership will see Google and CSIRO work together to develop tools and frameworks that help Australian CI operators meet critical obligations around software supply chain security, including those in the amended Security of Critical Infrastructure (SOCI) Act and Australia’s Cyber Security Strategy

 

The tools and frameworks will focus on accurately identifying and fixing vulnerabilities in open source software components that have become an increasingly important part of digital transformation for Australia’s critical infrastructure, which includes everything from public utilities and hospitals to freight networks and groceries.  To maximise the impact of this partnership, all project findings will be publicly available, allowing critical infrastructure sectors free and easy access. 

 

CSIRO’s Project Lead, Dr Ejaz Ahmed, said the creation of new and homegrown technologies will enhance the security of software used in Australian critical infrastructure. 

“Software developed, procured, commissioned, and maintained within Australia will also be better aligned with local regulations, promoting greater compliance and trustworthiness,” Dr Ahmed said.  “This partnership builds upon a successful track record of AI-powered innovation, demonstrating the transformative power of Google and CSIRO's expertise.” 

 

A roadmap to more secure software

The partnership will see CSIRO work with the Google Open Source Security Team (GOSST) and Google Cloud to develop novel AI-powered tools for automated vulnerability scanners and data protocols that can quickly and precisely identify and assess the impact of open source vulnerabilities on Australian CI operators’ software supply chains. 

 

The tools will tap on existing resources including Google’s OSV database for the most up-to-date intelligence on vulnerabilities. CSIRO’s applied research, including methods to test for responsible AI usage and tools for analysing software packages, will help to ensure reports and recommendations directly address the local regulatory and operating context of Australian operators.

 

Similarly, CSIRO and Google will collaborate on designing a secure framework that gives Australian CI operators clear guidance on how to meet current requirements and a baseline for future ones. The framework will adapt and extend the Supply-chain Levels for Software Artifacts (SLSA) framework created by Google, with insight from CSIRO’s Australian industry practices, to define multiple levels of software supply chain maturity as well as steps to achieve each one. 

 

Google Cloud will provide secure and scalable infrastructure and solutions, including machine learning and Big Data capabilities as well as domain specific large language models, to accelerate the partnership’s research and translate it into tools or as-a-service offerings for CI operators. 

 

“Software supply chain vulnerabilities are a global issue, and Australia has led the way in legislative measures to control and combat the risks," said Stefan Avgoustakis, Security Practice Lead, Google Cloud, Australia & New Zealand. 

 

“The tools and frameworks we’re developing will give Australia’s CI operators a clear and consistent roadmap towards software supply chain maturity, based on the in-depth industry knowledge that CSIRO has built up over years of research. Making these resources openly available to CI operators will help establish greater resilience throughout critical infrastructure nationwide, and reflects our longstanding interest in teaming up with industry and academia to enhance the effectiveness of our years of work in open source security.” 

More from this category

  • Information Technology
  • 07/02/2025
  • 07:40
Tradable Bits

AFL Clubs Choose Tradable Bits to Revolutionise Fan Engagement

17 Clubs Leverage Advanced Data Acquisition, Analysis, and Activation TechnologyMELBOURNE, Australia, Feb. 06, 2025 (GLOBE NEWSWIRE) -- Tradable Bits, the leading provider of fan marketing technology, has been selected by 17 Australian Football League (AFL) clubs to drive fan engagement, data collection, and activation strategies for the upcoming season.With over six years of collaboration with the AFL, Tradable Bits continues to expand its role in the league, enhancing data intelligence across in-venue, broadcast, email, and mobile SMS platforms.Tradable Bits provides comprehensive solutions tailored to the unique needs of sports organizations, including seamless fan engagement tools, a purpose-built CRM for teams,…

  • Information Technology
  • 07/02/2025
  • 00:40
Cellebrite DI Ltd

Cellebrite’s Generative AI Innovations Deliver a Powerful Assistant to Expedite Investigations

TYSONS CORNER, Va. and PETAH TIKVA, Israel, Feb. 06, 2025 (GLOBE NEWSWIRE) -- Cellebrite (NASDAQ: CLBT), a global leader in premier Digital Investigative solutions for the public and private sectors, today announced the general availability of Generative Artificial Intelligence (GenAI) capabilities within Guardian, the Company’s SaaS-based evidence management solution.By incorporating GenAI into Guardian, public safety agencies benefit from AI-driven productivity. Users can now form a more complete picture by quickly summarizing and contextualizing vast amounts of data, such as hours of audio messages or lengthy text message strings. Keywords and thematic direction accelerate an agency’s mission and empowers investigators who are…

  • Information Technology
  • 05/02/2025
  • 19:10
Yandex

Yandex develops and open-sources Perforator, an open-source tool that can save businesses billions of dollars a year on server infrastructure

Yandex introduces Perforator, a tool that can identify and evaluate code inefficiencies across a company’s entire code base.Perforator helps developers identify the most resource-intensive sections of code and provides detailed statistics for subsequent optimization.The solution can help businesses reduce CPU resource usage by 20% annually.By leveraging Perforator, companies can potentially save millions or even billions, depending on company size, and allocate resources for further innovation and growth.Perforator can be accessed for free on GitHub.DUBAI, United Arab Emirates, Feb. 05, 2025 (GLOBE NEWSWIRE) -- Yandex, a global tech company, develops and open-sources Perforator, an innovative tool for continuous real-time monitoring and…

Media Outreach made fast, easy, simple.

Feature your press release on Medianet's News Hub every time you distribute with Medianet. Pay per release or save with a subscription.