Australia's national science agency is teaming up with Google to protect critical national infrastructure including public utilities, hospitals and more by automating the hunt for flaws in software throughout their supply chain.
The Commonwealth Scientific and Industrial Research Organisation (CSIRO), which is Australia's national science agency, will work with Google on a research partnership to help critical infrastructure operators spot and fix potential security vulnerabilities in third-party software and products in their supply chain.
Amid rising attacks against its critical national infrastructure, such as the recent Optus and Medibank cyber attacks, Australia last year set a goal to become the most cyber-secure country by 2030.
That's laid out via the country's Cyber Security Strategy, which includes setting up a 100-person team to hunt down hackers, efforts to strengthen critical infrastructure networks, and building up local security abilities.
"Software supply chain vulnerabilities are a global issue, and Australia has led the way in legislative measures to control and combat the risks," said Stefan Avgoustakis, Security Practice Lead for Google Cloud in Australia and New Zealand.
Automated flaw hunting
Set up to support that wider security work, the Google-CSIRO partnership will see the two organizations work together to create tools and frameworks to improve software security across the supply chain for critical infrastructure (CI) operators, which includes utilities, hospitals, freight networks and even grocery stores.
CSIRO will work with Google's Open Source Security Team to develop AI tools for automated vulnerability scanners to more quickly spot and assess flaws in software used by CI operators.
Those systems will make use of Google's own vulnerability database and make use of Google Cloud for infrastructure, machine learning, and to eventually offer any tools developed to CI operators. CSIRO will bring to the table its work on techniques to test for responsible AI, and ensure the systems meet legal requirements for reporting flaws.
Beyond developing flaw-spotting tools, the research will also design a framework to help Australian CI operators meet existing and future security rules.
"The tools and frameworks we’re developing will give Australia’s CI operators a clear and consistent roadmap towards software supply chain maturity, based on the in-depth industry knowledge that CSIRO has built up over years of research," said Stefan Avgoustakis, Security Practice Lead, Google Cloud, Australia & New Zealand.
Locally sourced solutions
The CSIRO hopes the project will spark locally developed technologies, believing that will be safer for the country — that comes at a time when security and networking products from Russia and China have been banned in the US.
"Software developed, procured, commissioned, and maintained within Australia will also be better aligned with local regulations, promoting greater compliance and trustworthiness," said CSIRO’s Project Lead, Dr Ejaz Ahmed.
All of the project research will be published and freely available to ensure all critical infrastructure operators have ready access.
"Making these resources openly available to CI operators will help establish greater resilience throughout critical infrastructure nationwide, and reflects our longstanding interest in teaming up with industry and academia to enhance the effectiveness of our years of work in open source security," said Avgoustakis.
-
Westcon-Comstor unveils new managed SOC solution for Cisco partnersNews Powered by Cisco XDR, the new offering will enable partners to tap into new revenue streams, the company said
-
April rundown: MITRE frights and Microsoft launches Recall (again)ITPro Podcast As CISA delivered an eleventh-hour reprieve for the CVE database, AWS reportedly began to pause some data center leases
-
Foreign AI model launches may have improved trust in US AI developers, says Mandiant CTO – as he warns Chinese cyber attacks are at an “unprecedented level”News Concerns about enterprise AI deployments have faded due to greater understanding of the technology and negative examples in the international community, according to Mandiant CTO Charles Carmakal.
-
Adopting more security tools doesn't keep you safe, it just overloads your teamsNews Security tool sprawl makes it harder to manage environments and overwhelms teams
-
Google’s Big Sleep AI model just found a zero-day vulnerability in the wild — but don’t hold your breath for game-changing AI bug hunting tools any time soonNews Google clarified it was the first undiscovered memory safety bug to be flagged by an AI agent, touting this as a significant step in using AI for vulnerability research
-
Google Workspace just got a slew of new zero trust features to help supercharge user security – here's what you need to knowNews New Zscaler integrations across Chrome Enterprise, Google Workspace, and Google Security Operations aim to enhance enterprise security and access
-
Google says Microsoft can’t be trusted after email security blundersNews Google has fired a broadside at Microsoft amid concerns over the tech giant's repeated security blunders
-
Google forced to delete billions of incognito browsing records after privacy controversyNews Google has agreed to delete data it gained improperly through its private browsing function
-
Google spent $10 million on bug bounty payouts last year — here's what flaws researchers uncoveredNews Google’s Vulnerability program paid rewards to 600 researchers in 2023, with Android flaws earning a third of the total
-
Magika, Google's new AI security tool, helps users identify malware at rapid speed - and it's free to access on GitHubNews Google hopes its Magika AI security tool will rapidly accelerate malicious file identification, but there are some limitations, according to industry experts
