Research Collaboration Between CSIRO and Google Aims to Address Key Cybersecurity Flaws in Infrastructure Systems

Collaboration between CSIRO and Google aims to bridge software vulnerability detection gaps in Australian critical infrastructure. The alliance will support operators in identifying, comprehending, and rectifying weaknesses in their software supply chains. The partnership is instrumental in...


In a significant move towards bolstering the security of critical infrastructure in Australia, Google and the Commonwealth Scientific and Industrial Research Organisation (CSIRO) have joined forces to develop tools and frameworks. This partnership, built upon a successful history of AI-powered innovation, underscores the transformative potential of the combined expertise of these two global powerhouses.

The collaboration aims to help Australian critical infrastructure operators address software supply chain vulnerabilities, a critical concern in today's digital age. Stefan Avgoustakis, ANZ Security Practice Lead at Google Cloud, has stated that the tools and frameworks will provide a clear roadmap towards software supply chain maturity for these operators.

The development of these tools and frameworks is timely, as they will assist operators in meeting obligations around software supply chain security as outlined in the amended Security of Critical Infrastructure (SOCI) Act and Australia's Cyber Security Strategy. All project findings will be made publicly available, ensuring free and easy access for critical infrastructure sectors across the nation.

Google Cloud will offer its machine learning, big data capabilities, and domain-specific large language models to accelerate the partnership's research. CSIRO, on the other hand, will leverage its applied research to ensure that reports and recommendations address the local regulatory and operating context of Australian operators.

The tools will primarily focus on open-source software components, which have become increasingly important in Australia's digital transformation of critical infrastructure sectors such as public utilities, hospitals, freight networks, and groceries. They will utilise Google's OSV database for up-to-date vulnerability intelligence.

CSIRO and Google will collaborate on designing a secure framework for Australian critical infrastructure operators, adapting and extending the Supply-chain Levels for Software Artifacts (SLSA) framework. This framework will define multiple levels of software supply chain maturity and provide steps to achieve each level.

The partnership is also aimed at assisting critical infrastructure operators in meeting growing legislative obligations to prove the integrity and security of their software supply chains. Google Cloud will provide secure and scalable infrastructure and solutions for the partnership's research and tool development.

The tools will focus on accurately identifying and fixing vulnerabilities in open-source software components. To achieve this, CSIRO will work with the Google Open Source Security Team and Google Cloud to develop AI-powered tools for automated vulnerability scanners and data protocols.

This collaboration reflects Google's longstanding interest in teaming up with industry and academia to enhance the effectiveness of open source security. It is part of Google's Digital Future Initiative and CSIRO's Critical Infrastructure Protection and Resilience developing mission. The resources developed will be openly available to critical infrastructure operators, with the ultimate goal of establishing greater resilience throughout critical infrastructure nationwide.
