GIW Federal 2025: Securing the supply chain: Managing third-Party risk in government with Rosetta Romano

Her presentation examined one of the most pressing challenges in public-sector cyber security: supply-chain risk and the growing compliance burden placed on SMEs that support government and defence.

Like Comment

Strengthening Cyber Resilience in Government Supply Chains: A Presentation by Dr Rosetta Romano

She began by acknowledging Ngunnawal Country, reminding the audience that Lake Burley Griffin—now a symbol of Canberra’s identity—was once the Molonglo River, a gathering place for over 10,000 years. This historical perspective framed her discussion on community protection, shared responsibility, and the systemic impacts of cybersecurity decisions.

Dr Romano’s research focuses on third-party cyber risk, particularly among small and medium enterprises (SMEs) that support government and defence. She explored the increasingly complex landscape of cybersecurity standards:

  • Essential Eight, developed by ASD

  • DISP accreditation, mandatory for Defence-related work

  • ISO 27001, with more than 1,400 individual controls

  • NIST frameworks are used widely in global supply chains

Despite their importance, these frameworks are often inaccessible for SMEs that lack dedicated cyber teams. Many do not know where to start, how to interpret the requirements, or how to sustain compliance once achieved. She noted that certification processes can cost up to $100,000—prohibitively expensive for small businesses already focused on keeping operations afloat.

Her team’s research identified four key pain points:

  1. Overly complex and fragmented standards

  2. Lack of in-house expertise

  3. High cost and time burden of certification

  4. Difficulty maintaining accreditation long-term

To address this gap, Dr Romano introduced Cyber QAAI, an AI-powered initiative that aims to support SMEs by automating readiness assessments, generating tailored roadmaps, simplifying documentation, and providing real-time Q&A support—ultimately lowering the barrier to entry for secure participation in government supply chains.

In the second half of her talk, she spotlighted another major research area: technology-facilitated domestic abuse. As digital technologies become more embedded in daily life, perpetrators increasingly exploit them for surveillance, coercion, and control. Dr Romano emphasised that technology can simultaneously strengthen protection—through safety apps, online support networks, secure information sharing, and rapid-exit features—if implemented responsibly.

She closed with a call to action, inviting SMEs, potential partners, and grant collaborators to work with her team through ongoing CSIRO ON programs as they translate research into tools that deliver real-world impact.

Most Popular Insights

Two Decades On: Rethinking Active Directory Defence for a High-Threat Era
Two Decades On: Rethinking Active Directory Defence for a High-Threat Era
ON DEMAND 5 Aug 2025
The Importance of Security in Innovation, and Innovation in Security
The Importance of Security in Innovation, and Innovation in Security
ON DEMAND 21 May 2025
The Role of Emerging Technologies in Modern Government
The Role of Emerging Technologies in Modern Government
ON DEMAND 17 Apr 2025
Driving Innovation: Uruguay Path to Digital Transformation
Driving Innovation: Uruguay Path to Digital Transformation
ON DEMAND 19 Mar 2025
IT Modernization and Stabilization: Building a Future-Ready Government Infrastructure
IT Modernization and Stabilization: Building a Future-Ready Government Infrastructure
ON DEMAND 19 Mar 2025
Revolutionizing Environmental Regulation in Alberta Through Technology
Revolutionizing Environmental Regulation in Alberta Through Technology
ON DEMAND 3 Jan 2025
Transformation and Modernization in our Digital Services
Transformation and Modernization in our Digital Services
ON DEMAND 3 Jan 2025
Designing Services Around Citizen Needs: Achieving Seamless CX in the Digital Era
Designing Services Around Citizen Needs: Achieving Seamless CX in the Digital Era
ON DEMAND 20 Jun 2024
California’s Technology Strategy: What Is on the Horizon
California’s Technology Strategy: What Is on the Horizon
ON DEMAND 14 Apr 2024
Seamless Citizen Engagement: The Path to Simplicity
Seamless Citizen Engagement: The Path to Simplicity
ON DEMAND 20 Dec 2023
The Intersection of Technology, Security and Privacy at Service NSW
The Intersection of Technology, Security and Privacy at Service NSW
ON DEMAND 6 Dec 2023
Discussing Current Challenges and Strategies for Recruitment and Retention within the Public Sector
Discussing Current Challenges and Strategies for Recruitment and Retention within the Public Sector
ON DEMAND 11 Oct 2023
Equity, Diversity, and Inclusion as Part of Organizational Transformation
Equity, Diversity, and Inclusion as Part of Organizational Transformation
ON DEMAND 11 Oct 2023
Generative AI, Trust & the Public Sector
Generative AI, Trust & the Public Sector
ON DEMAND 29 Aug 2023
Underscoring Victoria's Digital Vision - Outcomes, Opportunities and Oppositions of Play
Underscoring Victoria's Digital Vision - Outcomes, Opportunities and Oppositions of Play
ON DEMAND 28 Aug 2023

Most Popular Partner Content

2025 Ransomware Holiday Risk Report
2025 Ransomware Holiday Risk Report
INDUSTRY TRENDS 25 Nov 2025
How Australia builds by design
How Australia builds by design
INDUSTRY TRENDS 20 Oct 2025
What’s Shaping Investigations and Integrity in Government (Australia, 2025)
What’s Shaping Investigations and Integrity in Government (Australia, 2025)
INDUSTRY TRENDS 26 Aug 2025
Building Cyber Resilience: A survival guide for security teams
Building Cyber Resilience: A survival guide for security teams
INDUSTRY TRENDS 18 Sep 2025
Private LLM Services for secure, compliant AI. Built for when Public AI won’t do.
Private LLM Services for secure, compliant AI. Built for when Public AI won’t do.
INDUSTRY TRENDS 1 Aug 2025
Redefining Cyber Resilience through proactive Vulnerability Reduction
Redefining Cyber Resilience through proactive Vulnerability Reduction
INDUSTRY TRENDS 18 Jul 2025
2025 Purple Knight Report - The Ongoing Struggle to Secure Hybrid AD and Entra ID Environments
2025 Purple Knight Report - The Ongoing Struggle to Secure Hybrid AD and Entra ID Environments
INDUSTRY TRENDS 11 Jul 2025
Are AI Apps safe to use? How to securely adopt AI in your agency.
Are AI Apps safe to use? How to securely adopt AI in your agency.
INDUSTRY TRENDS 15 Feb 2025
AWS vs Microsoft Azure vs Google Cloud vs Oracle Cloud Infrastructure: A Comprehensive Comparison
AWS vs Microsoft Azure vs Google Cloud vs Oracle Cloud Infrastructure: A Comprehensive Comparison
INDUSTRY TRENDS 12 Sep 2024
North Korean State-Sponsored Cyber Attack: Unveiling the Intricacies of Threat Actor Group Andariel
North Korean State-Sponsored Cyber Attack: Unveiling the Intricacies of Threat Actor Group Andariel
WHITEPAPERS & REPORTS 20 May 2024
Using the Viable System Model to Improve Government Operations
Using the Viable System Model to Improve Government Operations
GUIDES 3 May 2024
Leveraging the Strength of Centaur Teams: Combining Human Intelligence with AI's Abilities
Leveraging the Strength of Centaur Teams: Combining Human Intelligence with AI's Abilities
INDUSTRY TRENDS 20 Oct 2024
Embracing Value Stream Thinking in Public Sector Project Management
Embracing Value Stream Thinking in Public Sector Project Management
GUIDES 21 Oct 2024
Everything You Need to Know About Oracle 23c
Everything You Need to Know About Oracle 23c
INDUSTRY TRENDS 24 Sep 2024
The Role of Database Management in Business Growth
The Role of Database Management in Business Growth
INDUSTRY TRENDS 16 Apr 2024