Collaboration between CSIRO and Google to Address Cybersecurity Vulnerabilities in Crucial Infrastructure Systems
In a significant move to bolster the security of software supply chains in critical infrastructure sectors across Australia, the Commonwealth Scientific and Industrial Research Organisation (CSIRO) and Google Cloud have partnered to develop innovative tools and frameworks.
The collaboration, which is part of Google's Digital Future Initiative and CSIRO's Critical Infrastructure Protection and Resilience developing mission, aims to make software developed, procured, commissioned, and maintained within Australia better aligned with local regulations. This, in turn, will promote greater compliance and trustworthiness in the industry.
Dr. Greg Male, the CSIRO project leader, will lead the research. The project will see CSIRO work with the Google Open Source Security Team and Google Cloud to develop AI-powered tools for automated vulnerability scanners. These tools will use Google's OSV database for up-to-date vulnerability intelligence.
The framework being developed will adapt and extend the Supply-chain Levels for Software Artifacts (SLSA) framework created by Google, with insights from CSIRO's Australian industry practices. It will define multiple levels of software supply chain maturity and steps to achieve each one, providing a clear roadmap towards software supply chain maturity for Australian critical infrastructure operators.
Stefan Avgoustakis, ANZ Security Practice Lead at Google Cloud, stated that the tools and frameworks will give Australian critical infrastructure operators a clear roadmap towards software supply chain maturity. He also mentioned that making these resources openly available to critical infrastructure operators will help establish greater resilience throughout critical infrastructure nationwide.
The partnership reflects Google Cloud's longstanding interest in teaming up with industry and academia to enhance the effectiveness of their work in open source security. CSIRO's applied research will help ensure reports and recommendations are tailored to the local regulatory and operating context of Australian operators.
The tools and frameworks will focus on accurately identifying and fixing vulnerabilities in open-source software components that are important for Australia's digital transformation of critical infrastructure. The project findings will be publicly available, allowing critical infrastructure sectors free and easy access.
The partnership is intended to help critical infrastructure operators meet growing legislative obligations to prove the integrity and security of their software supply chains. It will also develop data protocols that can quickly and precisely identify and assess the impact of open source vulnerabilities on Australian critical infrastructure operators' software supply chains.
The collaboration aims to address the global issue of software supply chain vulnerabilities, with Australia leading the way in legislative measures to control and combat the risks. The partnership builds upon a successful track record of AI-powered innovation and is expected to significantly enhance the security posture of critical infrastructure in Australia.
The partnership will assist critical infrastructure operators in complying with the amended Security of Critical Infrastructure (SOCI) Act and Australia's Cyber Security Strategy. It is a significant step towards ensuring the resilience and security of critical infrastructure in Australia.