Australia and Google turn to AI to protect critical infrastructure
Australia's CSIRO partners with Google to develop homegrown AI security tools for infrastructure


Australia's national science agency is teaming up with Google to protect critical national infrastructure including public utilities, hospitals and more by automating the hunt for flaws in software throughout their supply chain.
The Commonwealth Scientific and Industrial Research Organisation (CSIRO), which is Australia's national science agency, will work with Google on a research partnership to help critical infrastructure operators spot and fix potential security vulnerabilities in third-party software and products in their supply chain.
Amid rising attacks against its critical national infrastructure, such as the recent Optus and Medibank cyber attacks, Australia last year set a goal to become the most cyber-secure country by 2030.
That's laid out via the country's Cyber Security Strategy, which includes setting up a 100-person team to hunt down hackers, efforts to strengthen critical infrastructure networks, and building up local security abilities.
"Software supply chain vulnerabilities are a global issue, and Australia has led the way in legislative measures to control and combat the risks," said Stefan Avgoustakis, Security Practice Lead for Google Cloud in Australia and New Zealand.
Automated flaw hunting
Set up to support that wider security work, the Google-CSIRO partnership will see the two organizations work together to create tools and frameworks to improve software security across the supply chain for critical infrastructure (CI) operators, which includes utilities, hospitals, freight networks and even grocery stores.
CSIRO will work with Google's Open Source Security Team to develop AI tools for automated vulnerability scanners to more quickly spot and assess flaws in software used by CI operators.
Get the ITPro daily newsletter
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
Those systems will make use of Google's own vulnerability database and make use of Google Cloud for infrastructure, machine learning, and to eventually offer any tools developed to CI operators. CSIRO will bring to the table its work on techniques to test for responsible AI, and ensure the systems meet legal requirements for reporting flaws.
Beyond developing flaw-spotting tools, the research will also design a framework to help Australian CI operators meet existing and future security rules.
"The tools and frameworks we’re developing will give Australia’s CI operators a clear and consistent roadmap towards software supply chain maturity, based on the in-depth industry knowledge that CSIRO has built up over years of research," said Stefan Avgoustakis, Security Practice Lead, Google Cloud, Australia & New Zealand.
Locally sourced solutions
The CSIRO hopes the project will spark locally developed technologies, believing that will be safer for the country — that comes at a time when security and networking products from Russia and China have been banned in the US.
"Software developed, procured, commissioned, and maintained within Australia will also be better aligned with local regulations, promoting greater compliance and trustworthiness," said CSIRO’s Project Lead, Dr Ejaz Ahmed.
All of the project research will be published and freely available to ensure all critical infrastructure operators have ready access.
"Making these resources openly available to CI operators will help establish greater resilience throughout critical infrastructure nationwide, and reflects our longstanding interest in teaming up with industry and academia to enhance the effectiveness of our years of work in open source security," said Avgoustakis.
Freelance journalist Nicole Kobie first started writing for ITPro in 2007, with bylines in New Scientist, Wired, PC Pro and many more.
Nicole the author of a book about the history of technology, The Long History of the Future.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapers
News While not malicious, the bots can overwhelm web applications in a way similar to bad actors
By Jane McCallion Published
-
Does speech recognition have a future in business tech?
Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
By Jonathan Weinberg Published
-
Adopting more security tools doesn't keep you safe, it just overloads your teams
News Security tool sprawl makes it harder to manage environments and overwhelms teams
By Ross Kelly Published
-
Google’s Big Sleep AI model just found a zero-day vulnerability in the wild — but don’t hold your breath for game-changing AI bug hunting tools any time soon
News Google clarified it was the first undiscovered memory safety bug to be flagged by an AI agent, touting this as a significant step in using AI for vulnerability research
By Solomon Klappholz Published
-
Google Workspace just got a slew of new zero trust features to help supercharge user security – here's what you need to know
News New Zscaler integrations across Chrome Enterprise, Google Workspace, and Google Security Operations aim to enhance enterprise security and access
By Daniel Todd Last updated
-
Google says Microsoft can’t be trusted after email security blunders
News Google has fired a broadside at Microsoft amid concerns over the tech giant's repeated security blunders
By Solomon Klappholz Published
-
Google forced to delete billions of incognito browsing records after privacy controversy
News Google has agreed to delete data it gained improperly through its private browsing function
By George Fitzmaurice Published
-
Google spent $10 million on bug bounty payouts last year — here's what flaws researchers uncovered
News Google’s Vulnerability program paid rewards to 600 researchers in 2023, with Android flaws earning a third of the total
By Steve Ranger Published
-
Magika, Google's new AI security tool, helps users identify malware at rapid speed - and it's free to access on GitHub
News Google hopes its Magika AI security tool will rapidly accelerate malicious file identification, but there are some limitations, according to industry experts
By George Fitzmaurice Published
-
Malvertising has been out of control in 2023, and Google needs to do more to stop it
Analysis Google has been scrambling to contend with an increase in malvertising campaigns across the year
By Solomon Klappholz Published