security

Gov says tech vendor review framework now finalised – iTnews


The federal government has created a “review framework” to measure the national security and supply chain security risks that technology vendors and their products may pose.

Gov says tech vendor review framework now finalised


The framework was a deliverable under the 2023-30 cyber security strategy.

“The government will develop a framework for assessing the national security risks presented by vendor products and services operating within and entering the Australian economy,” the strategy stated. [pdf]

“Using this framework, the government will help industry manage supply chain risks and make informed procurement decisions about the security of products and services.”

Minister for the Home Affairs and cyber security portfolios Tony Burke said in a statement that the framework is now completed but won’t be made public.

This is “to ensure the integrity of the framework’s processes and protect information related to national security,” Burke said.

The framework isn’t just about considering risks posed by certain vendors and their technology; it is also about mitigating those risks “where necessary”.

“The majority of … vendors do not present a threat to Australia’s interests,” Burke said.

“However, understanding and managing the national security risks presented by technologies which could be controlled or accessed by a foreign state is a growing challenge.

“If the vendor, through its product or service offerings, has access to sensitive systems or data, and has ties to a foreign government with interests which conflict with ours, there is a risk they could be compelled to act on behalf of that country against Australia’s national interest.”

Burke said the intent is to balance security and innovation, ensuring Australian organisations can access new technologies safely.

Read More   Tech summer camp aims to boost interest in cyber security and other skills - Cyber Daily

He added that “consultation will be a key feature of reviews under the framework.”

“The Australian government will engage directly with organisations and end-users, as appropriate, to understand the risks introduced by a product or service, and mitigations that may already be in place.”



READ SOURCE

This website uses cookies. By continuing to use this site, you accept our use of cookies.