Share this article on:
The search and cloud giant and Australia’s national science agency are teaming up to tackle weak links in critical infrastructure software supply chains.
Google and CSIRO announced a new research partnership today (22 August) to assist critical infrastructure operators in addressing vulnerabilities in commonly used software in the sector.
The partnership is part of CSIRO’s Critical Infrastructure Protection and Resilience program and Google’s Digital Future Initiative and will see the pair develop a range of tools to help operators meet their legislative requirements, including the Security of Critical Infrastructure Act.
The research will also be informed by the Australian government’s wider Cyber Security Strategy policies.
Identifying and addressing risks in open-source software – used by many critical infrastructure entities – will be a key component of the research, and all findings will be made publicly and freely available.
The Google Open Source Security Team and Google Cloud will work with CSIRO to create AI-powered tools capable of analysing vulnerabilities in open-source software.
Dr Ejaz Ahmed, CSIRO’s project lead, said that “new and homegrown technologies” could be of vital importance to securing the software that critical infrastructure entities rely upon.
Google Cloud will provide big data and machine learning capabilities, while the pair will also work on a secure framework to assist operators in meeting their requirements and growing their supply chain maturity.
“Software developed, procured, commissioned, and maintained within Australia will also be better aligned with local regulations, promoting greater compliance and trustworthiness,” Ahmed said in a statement.
“This partnership builds upon a successful track record of AI-powered innovation, demonstrating the transformative power of Google and CSIRO’s expertise.”
Stefan Avgoustakis, security practice lead of Google Cloud, Australia and New Zealand, said that software supply chain vulnerabilities are a “global issue” that Australia is taking the lead on.
“The tools and frameworks we’re developing will give Australia’s CI operators a clear and consistent roadmap towards software supply chain maturity, based on the in-depth industry knowledge that CSIRO has built up over years of research,” Avgoustakis said.
“Making these resources openly available to CI operators will help establish greater resilience throughout critical infrastructure nationwide and reflects our longstanding interest in teaming up with industry and academia to enhance the effectiveness of our years of work in open source security.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.