Google has announced a new collaboration with Australia's national science agency, the Commonwealth Scientific and Industrial Research Organisation (CSIRO), to develop advanced cybersecurity tools for the country's critical infrastructure.

This partnership aims to address vulnerabilities in software supply chains and bolster digital defences across vital sectors.

The initiative comes as part of Google's Digital Future Initiative and CSIRO's Critical Infrastructure Protection and Resilience programme. It will focus on creating innovative artificial intelligence-driven tools to identify and resolve vulnerabilities in open-source software components, which are increasingly crucial to Australia's digital infrastructure.

Stefan Avgoustakis, head of security practice for Google Cloud in Australia and New Zealand, highlighted the global nature of software supply chain vulnerabilities and praised Australia's proactive approach to legislative measures in this area. The collaboration will leverage Google's existing Open Source Vulnerability (OSV) database and artificial intelligence capabilities, combined with CSIRO's research expertise and understanding of local regulatory requirements.

A key objective of the partnership is to develop a secure framework that will guide Australian critical infrastructure operators in meeting current and future security requirements. This framework will build upon Google's Supply-chain Levels for Software Artifacts (SLSA) framework, incorporating insights from CSIRO to ensure alignment with Australian industry practices.

Ejaz Ahmed, the CSIRO project lead, emphasised that software developed within this partnership will be better aligned with local regulations, promoting greater compliance and trustworthiness. The initiative will also focus on creating tools to help Australian critical infrastructure operators comply with the amended Security of Critical Infrastructure (SOCI) Act and Australia's Cyber Security Strategy.

Google Cloud will provide secure and scalable infrastructure to support the research, including machine learning capabilities and domain-specific large language models. This will help expedite the research process and facilitate the translation of findings into practical tools for critical infrastructure operators.

In a move towards transparency and accessibility, all findings from the project will be made publicly available. This approach aims to ensure that critical infrastructure sectors can freely access and implement the developed tools and frameworks, fostering greater resilience nationwide.

The collaboration between Google and CSIRO represents a significant step in addressing the growing cybersecurity challenges faced by Australia's critical infrastructure. By combining global expertise with local knowledge, the partnership seeks to create tailored solutions that meet the specific needs of Australian operators while aligning with international best practices in software supply chain security.

---