Australia's national science agency is teaming up with Google to protect critical national infrastructure including public utilities, hospitals and more by automating the hunt for flaws in software throughout their supply chain.
The Commonwealth Scientific and Industrial Research Organisation (CSIRO), which is Australia's national science agency, will work with Google on a research partnership to help critical infrastructure operators spot and fix potential security vulnerabilities in third-party software and products in their supply chain.
Amid rising attacks against its critical national infrastructure, such as the recent Optus and Medibank cyber attacks, Australia last year set a goal to become the most cyber-secure country by 2030.
That's laid out via the country's Cyber Security Strategy, which includes setting up a 100-person team to hunt down hackers, efforts to strengthen critical infrastructure networks, and building up local security abilities.
"Software supply chain vulnerabilities are a global issue, and Australia has led the way in legislative measures to control and combat the risks," said Stefan Avgoustakis, Security Practice Lead for Google Cloud in Australia and New Zealand.
Automated flaw hunting
Set up to support that wider security work, the Google-CSIRO partnership will see the two organizations work together to create tools and frameworks to improve software security across the supply chain for critical infrastructure (CI) operators, which includes utilities, hospitals, freight networks and even grocery stores.
CSIRO will work with Google's Open Source Security Team to develop AI tools for automated vulnerability scanners to more quickly spot and assess flaws in software used by CI operators.
Those systems will make use of Google's own vulnerability database and make use of Google Cloud for infrastructure, machine learning, and to eventually offer any tools developed to CI operators. CSIRO will bring to the table its work on techniques to test for responsible AI, and ensure the systems meet legal requirements for reporting flaws.
Beyond developing flaw-spotting tools, the research will also design a framework to help Australian CI operators meet existing and future security rules.
"The tools and frameworks we’re developing will give Australia’s CI operators a clear and consistent roadmap towards software supply chain maturity, based on the in-depth industry knowledge that CSIRO has built up over years of research," said Stefan Avgoustakis, Security Practice Lead, Google Cloud, Australia & New Zealand.
Locally sourced solutions
The CSIRO hopes the project will spark locally developed technologies, believing that will be safer for the country — that comes at a time when security and networking products from Russia and China have been banned in the US.
"Software developed, procured, commissioned, and maintained within Australia will also be better aligned with local regulations, promoting greater compliance and trustworthiness," said CSIRO’s Project Lead, Dr Ejaz Ahmed.
All of the project research will be published and freely available to ensure all critical infrastructure operators have ready access.
"Making these resources openly available to CI operators will help establish greater resilience throughout critical infrastructure nationwide, and reflects our longstanding interest in teaming up with industry and academia to enhance the effectiveness of our years of work in open source security," said Avgoustakis.
-
Security experts issue warning over the rise of 'gray bot' AI web scrapersNews While not malicious, the bots can overwhelm web applications in a way similar to bad actors
-
Does speech recognition have a future in business tech?Once a simple tool for dictation, speech recognition is being revolutionized by AI to improve customer experiences and drive inclusivity in the workforce
-
Adopting more security tools doesn't keep you safe, it just overloads your teamsNews Security tool sprawl makes it harder to manage environments and overwhelms teams
-
Google’s Big Sleep AI model just found a zero-day vulnerability in the wild — but don’t hold your breath for game-changing AI bug hunting tools any time soonNews Google clarified it was the first undiscovered memory safety bug to be flagged by an AI agent, touting this as a significant step in using AI for vulnerability research
-
Google Workspace just got a slew of new zero trust features to help supercharge user security – here's what you need to knowNews New Zscaler integrations across Chrome Enterprise, Google Workspace, and Google Security Operations aim to enhance enterprise security and access
-
Google says Microsoft can’t be trusted after email security blundersNews Google has fired a broadside at Microsoft amid concerns over the tech giant's repeated security blunders
-
Google forced to delete billions of incognito browsing records after privacy controversyNews Google has agreed to delete data it gained improperly through its private browsing function
-
Google spent $10 million on bug bounty payouts last year — here's what flaws researchers uncoveredNews Google’s Vulnerability program paid rewards to 600 researchers in 2023, with Android flaws earning a third of the total
-
Magika, Google's new AI security tool, helps users identify malware at rapid speed - and it's free to access on GitHubNews Google hopes its Magika AI security tool will rapidly accelerate malicious file identification, but there are some limitations, according to industry experts
-
Malvertising has been out of control in 2023, and Google needs to do more to stop itAnalysis Google has been scrambling to contend with an increase in malvertising campaigns across the year
