Google and Australia’s CSIRO Team Up to

Safeguard Critical Infrastructure with AI

Google: A National Push for Cybersecurity

Google Australia is aiming to become the most cyber-secure nation in the world by 2030. In response to a rise in cyberattacks, especially on vital national infrastructure like Medibank and Optus, the country has developed a comprehensive cybersecurity strategy. This includes enhancing protection for public utilities, healthcare systems, and transportation networks. One major initiative involves hiring a 100-person team focused on hunting cybercriminals and developing homegrown security technologies.

Strategic Partnership Between Google and CSIRO

To support this goal, Google has partnered with Australia’s national science agency, the Commonwealth Scientific and Industrial Research Organisation (CSIRO). The collaboration is focused on building AI-powered tools to detect and mitigate software vulnerabilities in the supply chains of critical infrastructure (CI) operators. This includes hospitals, freight networks, power grids, and even grocery supply chains.

According to German Avgoustakis, Google Cloud’s Security Practice Lead for Australia and New Zealand, software supply chain vulnerabilities are a global issue. However, Australia is proactively addressing this by enacting strong cybersecurity laws and policies.

Automating Vulnerability Detection

One of the primary goals of the partnership is to create AI-based scanners capable of automatically identifying weaknesses in third-party software. These tools will help CI operators detect and fix issues faster than traditional manual reviews.

CSIRO is collaborating with Google’s Open Source Security Team to integrate these tools into existing systems. By leveraging Google Cloud infrastructure and machine learning, the tools will deliver real-time insights. They will also use Google’s extensive vulnerability database for accurate and up-to-date threat detection.

Ensuring Responsible and Compliant AI

The project isn’t just about creating scanning tools. It also aims to develop a comprehensive framework to ensure responsible AI practices. CSIRO will lead research on ethical AI deployment and compliance with regulatory standards related to vulnerability disclosure.

Stefan Avgoustakis, Security Practice Lead at Google Cloud, emphasized that the frameworks will provide a clear roadmap for CI operators. These guidelines will help them achieve maturity in software supply chain management and enhance their cybersecurity posture.

Strengthening Local Capabilities

The initiative also emphasizes the importance of sourcing solutions locally. In an era where the U.S. has restricted the use of hardware developed in adversarial countries, Australia is promoting homegrown technology.

Dr. Ejaz Ahmed, Project Lead at CSIRO, highlighted that software developed and maintained within Australia will align better with local laws and build public trust. He added that these efforts will not only boost national security but also ensure long-term compliance.

Global Implications

Though the tools and frameworks are being developed for Australia, they have broader relevance. If made publicly available, other nations can adopt these resources to strengthen their own CI defenses.

“Open access to these solutions can help critical infrastructure operators worldwide build resilience,” said Avgoustakis. “It also reinforces our commitment to collaboration between industry and academia.”