Skip to main content
An evolving AI project from Mi3 | Automation with Editor curation. And oversight. Always.
In partnership with
Salesforce
Posted 22/08/2024 10:57am

Image by DALL·E Pic: Midjourney

Editors' Note: Many Fast News images are stylised illustrations generated by Dall-E. Photorealism is not intended. View as early and evolving AI art!

hAIku

CSIRO and Google,
Securing infrastructure,
For a safer world.

In partnership with
Salesforce

CSIRO partners with Google to protect Australia's critical infrastructure from cyber security risks

CSIRO, Australia's national science agency, and tech giant Google have entered a research partnership aimed at securing Australia's critical infrastructure (CI) from risky software components.

The collaboration is part of Google's Digital Future Initiative and CSIRO's Critical Infrastructure Protection and Resilience mission. The partnership will focus on developing tools and frameworks to help Australian CI operators meet obligations around software supply chain security, including those in the amended Security of Critical Infrastructure (SOCI) Act and Australia's Cyber Security Strategy.

The tools and frameworks will focus on identifying and fixing vulnerabilities in open source software components, which are increasingly important in the digital transformation of Australia's critical infrastructure. All project findings will be made publicly available, providing critical infrastructure sectors with free and easy access.

CSIRO will work with the Google Open Source Security Team (GOSST) and Google Cloud to develop AI-powered tools for automated vulnerability scanners and data protocols. The tools will utilise resources including Google's OSV database for the most up-to-date intelligence on vulnerabilities. CSIRO's applied research will help ensure reports and recommendations directly address the local regulatory and operating context of Australian operators.

CSIRO and Google will also design a secure framework to guide Australian CI operators on how to meet current requirements and prepare for future ones. The framework will adapt and extend the Supply-chain Levels for Software Artifacts (SLSA) framework created by Google, with insight from CSIRO's in-depth industry knowledge.

"Software developed, procured, commissioned, and maintained within Australia will also be better aligned with local regulations, promoting greater compliance and trustworthiness. This partnership builds upon a successful track record of AI-powered innovation, demonstrating the transformative power of Google and CSIRO's expertise," said CSIRO Project Lead, Dr Ejaz Ahmed.

Google Cloud will provide secure and scalable infrastructure and solutions, including machine learning and Big Data capabilities, to accelerate the partnership's research.

Security Practice Lead, Google Cloud, Australia & New Zealand, Stefan Avgoustakis, said: "Software supply chain vulnerabilities are a global issue, and Australia has led the way in legislative measures to control and combat the risks. The tools and frameworks we're developing will give Australia's CI operators a clear and consistent roadmap towards software supply chain maturity, based on the in-depth industry knowledge that CSIRO has built up over years of research. Making these resources openly available to CI operators will help establish greater resilience throughout critical infrastructure nationwide, and reflects our longstanding interest in teaming up with industry and academia to enhance the effectiveness of our years of work in open source security."

Search Mi3 Articles