Feds to rethink cyber crisis management

The Australian Government will reassess its interim cyber security crisis management plan in light of findings from the third Cyber Storm international wargame.

The report, to be released later today, identified gaps in how cyber attacks were escalated across government defence agencies and private industry, as well as pointing to other holes in the Australian Government's interim crisis management plan (pdf).

Speaking in Canberra today, Federal Attorney-General Robert McClelland said the government would use the report to improve the government's strategy.

"While it did highlight gaps within existing government and business cyber incident processes, particularly in regards to escalation procedures, this feedback allows both government and businesses to take steps to improve our cyber security," McClelland said.

"It is only by working together in a coordinated national approach that Australia will meet the challenges posed by technological change, and that we will be in the strongest position to reap the benefits that advancements in technology bring."

The report collated findings drawn out of simulated cyber attacks conducted against the national critical infrastructure of Australia, New Zealand, Canada, the US and Britain during the Cyber Storm III even in September last year, to assess each country's offensive and defensive capabilities.

Japan and nine European nations observed the wargame from the sidelines.

Australian Government participants in the four-day games included spy agency the Defence Signals Directorate, CERT Australia, the Australian Federal Police and the Cyber Security Operations Centre.

Telstra, the Australian Stock Exchange, Woolworths, ANZ, and domain name registrar AuDA were some of the 30 private sector organisations which also included banks, energy, food, communications and transport providers.

The 'no-fault' tabletop exercise was two years in the making and aimed to test Australia's crisis management arrangements including:

• Evaluating organisations' capability to prepare for, protect from, and respond to cyber attacks' potential effects;
• Evaluating strategic decision making and inter-agency coordination of incident responses in accordance with national level policy and procedures;
• Validating information sharing relationships and communications paths for collecting and disseminating cyber incident situational awareness, response and recovery information; and
• Evaluating the means and processes through which sensitive information is shared across boundaries and sectors without compromising proprietary or national security interests.

As with previous Cyber Storm reports, details on specific vulnerabilities in private industry and government departments were not disclosed to the public.

Private industry would be able to keep security tools provided to them by the Attorney-General's Department during the exercise that "would assist in a real cyber event".

The department also offered participating organisations information security training.

The report found the wargame created "substantial good will" between government and industry and allowed for the development of "trusted external organisational relationships".

The good will continued within private organisations, with some security personnel reporting they had "an invaluable opportunity to engage with their CEOs" and flag the importance of cyber security.

Telstra network and IT operations executive director Craig Hancock said the wargame was "a great opportunity to test the veracity of network protection measures, in addition to communications and decision-making processes which underpin any technical response to a cyber event".

The Cyber Storm games are held every two years between the offices of the Attorneys-General in Australia, New Zealand, Canada, the US and Britain, known as the 'Five Eyes'.

The second event held in 2008 was described by the US director of the events Brett Lambo as "using the internet as a weapon" and found improvements across inter-agency coordination and in response framework.

The report comes as Australia prepares to this year accede to the Council of Europe Convention on Cybercrime.

Australia released the Cybercrime Legislation Amendment Bill 2011 earlier this year to amend provisions for mutual assistance, computer offences and telecommunications data.

Copyright © SC Magazine, Australia