Government Cyber War Games

The Australian Department of Human Services has come out on top in Canberra’s inaugural cyber war games, a result that mimics the findings of a now infamous cyber resilience audit of the federal government's three biggest agencies.

Five teams from ten agencies, including the Australian Taxation Office (ATO) and Department of Immigration and Border Protection (DIBP) as well as DHS, spent last week battling it out on a purpose-built "range" aimed at developing cyber security skills through real life scenarios.

Using a Lego smart city to represent the contest, the teams took turns attacking and defending the model’s critical infrastructure such as trains or wind turbines.

The simulation believed to be the first and largest security training exercise of its kind to be staged at a federal level, was the brainchild of DHS chief information security officer Narelle Devine, who joined the department from the Royal Australian Navy in October last year.

DHS received the highest score at the end of the five days, narrowly beating the ATO and DIBP, which were both close to taking the lead on the final day of competition.

The result broadly aligns with the findings of a cyber resilience audit of the three agencies earlier this year, which found only DHS was compliant with all four of the Australian Signals Directorate’s mandatory threat mitigation strategies.

The ANAO defined 'cyber resilience' as agencies being able to continue providing services while deterring and responding to cyberattacks.

DHS’ team for the wargames was populated from members of its 24/7 Cyber Security Operations Centre, which was established late last year.

However, despite the results reflecting DHS dominant cyber security posture, the wargames were pitched as an opportunity to display the government's cyber capability, and for cyber specialists to train in a safe environment.

Speaking with iTnews, Devine said the war games were an important arena in which to build skills, despite being based on industrial control systems and the ability to defend critical national infrastructure, which is quite unlike the IT infrastructure that agencies are responsible for.

“It’s obviously a very different target set to what the department is responsible for in its day job, but from our opinion it doesn’t matter what you’re attacking or defending,” she told iTnews.

“The skills that you’re learning, and the skills that you’re demonstrating are applicable across all [domains], and we’re really trying to test not only the technical skills of the teams, but also those soft skills that sometime get missed in 'capture the flag' type activities around communication, teamwork and leadership.”

She said having events like the war games would allow relationships to be developed, and build whole-of-government cyber resilience that can “translate into real world instances where we are able to quickly communicate with each other in a really effective manner”.

“It's actually not that useful for one of us to be very good if the others aren’t, we all need to lift together,” she said.

Devine said she had been surprised by the complexity of the training facility, which means it can be reused in future years.

The department is now planning for the next event, and is considering extending an invitation it both business and the tertiary sector in future.

Ein News

You Might Also Read: 

Australia Hardest Hit By Cybersecurity Skills Shortage:

North Korea's Cyber War on Australia:

Vulnerable Australia Boosts National Cyber Security:

NATO Cyber War Games 2017: Czechs Win:

« Las Vegas Murders: Fake News Follows Every Tragedy
How To Keep Your Business Data Safe »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Purdicom

Purdicom

Purdicom (formerly known as Selcoms) is an award winning distributor specialising in Wireless, Cloud & Security technologies.

CyberSmart

CyberSmart

CyberSmart is a platform that allows you to maintain compliance, achieve certification and secure your organisation.

MetaFlows

MetaFlows

MetaFlows’ SaaS malware detection & prevention software passively analyzes the behavior and the content of Internet traffic.

Silverskin Information Security

Silverskin Information Security

Silverskin is a cyber attack company that specializes in having knowledge of the attacker's mindset to identify vulnerabilities and build effective and persistent defences.

Rewertz

Rewertz

Rewterz is a cyber security company based out of Dubai, serving customers in UAE, Oman, Qatar, Bahrain, Saudi Arabia, and Pakistan.

At-Bay

At-Bay

At-Bay offer an end-to-end solution to cyber risk with comprehensive risk assessment, a tailored cyber insurance policy and year-long, active, risk-management service.

CryptoCurrency Certification Consortium (C4)

CryptoCurrency Certification Consortium (C4)

The CryptoCurrency Certification Consortium is a non-profit organization that provides certifications to professionals who perform cryptocurrency-related services.

EPIC Insurance Brokers & Consultants

EPIC Insurance Brokers & Consultants

EPIC is an insuarnce broker and consultancy firm. Risk management services include risk consultancy and cybersecurity insurance.

N8 Identity

N8 Identity

N8 Identity helps organizations realize the vision of Autonomous Identity Governance™ with AI-driven Identity solutions.

Winterhawk

Winterhawk

Winterhawk is a specialist and leading global Cyber, ESG, GRC, Risk & Identity consulting practice.

Drata

Drata

Drata is a security and compliance automation platform that continuously monitors and collects evidence of a company's security controls, while streamlining workflows to ensure audit-readiness.

Mission Critical Partners (MCP)

Mission Critical Partners (MCP)

Mission Critical Partners is committed to delivering innovative solutions that help our clients enhance and evolve their critical-communications systems and operations.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

ASPIA InfoTech

ASPIA InfoTech

ASPIA Infotech is a leading Information and cybersecurity organization focused on innovative approaches to avert targeted attacks.

Kodem Security

Kodem Security

Our mission is to make AppSec simple. Meet the world’s first dynamic software composition analysis platform. Only Kodem uses runtime intelligence to determine application risk.

AuthMind

AuthMind

Prevent your next identity-related cyberattack with the AuthMind Identity SecOps Platform. It works anywhere and deploys in minutes.