"security" is a best-effort process, not a deliverable. This is asking to deliver the moon on a gloden plate.
If Australia wants to do that, they would have to define _TECHNICAL_ limits on this best-effort... and over there, it will probably end up baldy: because you will have, very probably, very wrong 'limits' favoring unfairly some tech from others.
That said, there is the 'obvious': if you use non-open source, or ultra-complex/big open source (including the SDK), and you don't want to understand security best-effort requires _STABLE MACHINE CODE_, you are a gonner.
If Australia wants to do that, they would have to define _TECHNICAL_ limits on this best-effort... and over there, it will probably end up baldy: because you will have, very probably, very wrong 'limits' favoring unfairly some tech from others.
That said, there is the 'obvious': if you use non-open source, or ultra-complex/big open source (including the SDK), and you don't want to understand security best-effort requires _STABLE MACHINE CODE_, you are a gonner.