Cyber Storm III kicks off in Australia

Fifty Australian organisations will face simulated cyber attacks this week in international security exercise, Cyber Storm III.

The exercise was launched this morning by Attorney-General Robert McClelland as the latest in a series that has involved the US, UK, Canada, New Zealand and Australia since 2006.

It targeted "critical infrastructure and other nationally important systems and services" run by organisations in the communications, food, finance, transport, utilities and government sectors.

Telstra, ASX, Woolworths, ANZ, Foxtel and domain name registrar AuDA were among the private sector organisations involved.

Simulated attacks were designed to test organisations' emergency response procedures, and were not expected to affect customers.

Agencies such as the Cyber Security Operations Centre within the Defence Signals Directorate, and CERT Australia within the Attorney-General's Department would also be tested.

Highlighting the "chaos" that followed Virgin Blue's weekend IT outage, McClelland warned of the impact of failures in Australia's banking systems, mobile phone network, or water or electricity grid.

"The Government's National Security Statement identified cyber security as a top national security priority," he said, describing cyber security as a "rapidly evolving and increasingly important" threat.

"A serious assault against the networks that control key systems in our economy could have devastating consequences, as would major disruptions to the flow of information across the internet itself."

With the private sector owning and operating most of Australia's IT systems and hardware, McClelland said Cyber Storm III was an "important opportunity to test our preparedness".

Telstra this afternoon said it was "ready to be put to the test" and looked to test the effectiveness of its incident response methods.

The telco's local network security was overseen by a 24/7 Security Operations Centre, and monitored by a Global Operations Centre and Managed Network Operations Centre.

"The Telstra team is ready to put our systems and processes to the test," said its executive director of network and IT operations, Craig Hancock.

 "Exercises like Cyber Storm III are a great opportunity to test the veracity of these network protection measures, in addition to communications and decision-making processes which underpin any technical response to a cyber event.

"By actively testing our response processes we can then evaluate and improve our effectiveness in managing and responding to cyber security incidents."

Attorney-General McClelland said the online environment could be misused for espionage, unauthorised data modification, malware distribution, fraud and identity theft.

Unauthorised access and "the modification or impairment of computer systems" were criminal offences that carried penalties of two to ten years imprisonment.

McClelland also described work with other State and Territory Attorneys-Generals to coordinate law enforcement and responsibilities across jurisdictions, which would better reveal nationwide attacks.

Cyber Storm III was scheduled to run over four days. A public report would be produced following the exercise and consultation with participants.