Government Cyber War Games

The Australian Department of Human Services has come out on top in Canberra’s inaugural cyber war games, a result that mimics the findings of a now infamous cyber resilience audit of the federal government's three biggest agencies.

Five teams from ten agencies, including the Australian Taxation Office (ATO) and Department of Immigration and Border Protection (DIBP) as well as DHS, spent last week battling it out on a purpose-built "range" aimed at developing cyber security skills through real life scenarios.

Using a Lego smart city to represent the contest, the teams took turns attacking and defending the model’s critical infrastructure such as trains or wind turbines.

The simulation believed to be the first and largest security training exercise of its kind to be staged at a federal level, was the brainchild of DHS chief information security officer Narelle Devine, who joined the department from the Royal Australian Navy in October last year.

DHS received the highest score at the end of the five days, narrowly beating the ATO and DIBP, which were both close to taking the lead on the final day of competition.

The result broadly aligns with the findings of a cyber resilience audit of the three agencies earlier this year, which found only DHS was compliant with all four of the Australian Signals Directorate’s mandatory threat mitigation strategies.

The ANAO defined 'cyber resilience' as agencies being able to continue providing services while deterring and responding to cyberattacks.

DHS’ team for the wargames was populated from members of its 24/7 Cyber Security Operations Centre, which was established late last year.

However, despite the results reflecting DHS dominant cyber security posture, the wargames were pitched as an opportunity to display the government's cyber capability, and for cyber specialists to train in a safe environment.

Speaking with iTnews, Devine said the war games were an important arena in which to build skills, despite being based on industrial control systems and the ability to defend critical national infrastructure, which is quite unlike the IT infrastructure that agencies are responsible for.

“It’s obviously a very different target set to what the department is responsible for in its day job, but from our opinion it doesn’t matter what you’re attacking or defending,” she told iTnews.

“The skills that you’re learning, and the skills that you’re demonstrating are applicable across all [domains], and we’re really trying to test not only the technical skills of the teams, but also those soft skills that sometime get missed in 'capture the flag' type activities around communication, teamwork and leadership.”

She said having events like the war games would allow relationships to be developed, and build whole-of-government cyber resilience that can “translate into real world instances where we are able to quickly communicate with each other in a really effective manner”.

“It's actually not that useful for one of us to be very good if the others aren’t, we all need to lift together,” she said.

Devine said she had been surprised by the complexity of the training facility, which means it can be reused in future years.

The department is now planning for the next event, and is considering extending an invitation it both business and the tertiary sector in future.

Ein News

You Might Also Read: 

Australia Hardest Hit By Cybersecurity Skills Shortage:

North Korea's Cyber War on Australia:

Vulnerable Australia Boosts National Cyber Security:

NATO Cyber War Games 2017: Czechs Win:

« Las Vegas Murders: Fake News Follows Every Tragedy
How To Keep Your Business Data Safe »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Energy Sec

Energy Sec

EnergySec is a United States 501(c)(3) non-profit corporation formed to support energy sector organizations with the security of their critical technology infrastructures.

Positive Technologies

Positive Technologies

Positive Technologies is a leading global provider of enterprise security solutions for vulnerability and compliance management, incident and threat analysis, and application protection.

Entreda

Entreda

Entreda offers a unified platform to automate cybersecurity and compliance policy enforcement for your devices, users, networks, applications.

Endian

Endian

Endian’s mission is to provide a secure platform that connects distributed people and things, simplifying the digitalization of businesses.

ST Engineering

ST Engineering

ST Engineering is a leading provider of trusted and innovative cybersecurity solutions.

SIS Certifications (SIS CERT)

SIS Certifications (SIS CERT)

SIS Certifications is an ISO certification body serving more than 10,000 clients in over 15 countries worldwide.

Oceania Cyber Security Centre (OCSC)

Oceania Cyber Security Centre (OCSC)

OCSC engages with government and industry to conduct research, develop training opportunities and build capacity for responding to current and emerging cyber security issues.

Nihon Cyber Defense

Nihon Cyber Defense

Nihon Cyber Defence’s mission is to provide robust solutions, services and support to governments, corporates and organisations in order to protect them from all forms of cyber warfare.

Finosec

Finosec

Finosec's mission is to change the way information security and cybersecurity are managed in banking.

Simplilearn

Simplilearn

Simplilearn is the world's #1 online bootcamp for digital skills training in disciplines such as Cyber Security, Cloud Computing, Project Management, Digital Marketing, and Data Science.

HiScout

HiScout

HiScout is your integrated management system for IT governance, risk & compliance.

Celcom

Celcom

Celcom is the oldest mobile telecommunications provider in Malaysia, providing solutions and services to consumers and businesses.

Forta

Forta

Forta is a real-time detection network for security & operational monitoring of blockchain activity.

CCX Technologies

CCX Technologies

CCX Technologies design and develop a wide range of cybersecurity and testing solutions for the aviation, and military and government markets.

Exodata

Exodata

Exodata is a French digital services company specializing in the outsourcing of IT Systems and solutions.

DATS Project

DATS Project

DATS Project enables the utilization of high computing power across a number of cybersecurity services, all on a pay-as-you-go basis, eliminating the need for upfront investment costs.