Government Cyber War Games

Uploaded on 2017-11-07 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The Australian Department of Human Services has come out on top in Canberra’s inaugural cyber war games, a result that mimics the findings of a now infamous cyber resilience audit of the federal government's three biggest agencies.

Five teams from ten agencies, including the Australian Taxation Office (ATO) and Department of Immigration and Border Protection (DIBP) as well as DHS, spent last week battling it out on a purpose-built "range" aimed at developing cyber security skills through real life scenarios.

Using a Lego smart city to represent the contest, the teams took turns attacking and defending the model’s critical infrastructure such as trains or wind turbines.

The simulation believed to be the first and largest security training exercise of its kind to be staged at a federal level, was the brainchild of DHS chief information security officer Narelle Devine, who joined the department from the Royal Australian Navy in October last year.

DHS received the highest score at the end of the five days, narrowly beating the ATO and DIBP, which were both close to taking the lead on the final day of competition.

The result broadly aligns with the findings of a cyber resilience audit of the three agencies earlier this year, which found only DHS was compliant with all four of the Australian Signals Directorate’s mandatory threat mitigation strategies.

The ANAO defined 'cyber resilience' as agencies being able to continue providing services while deterring and responding to cyberattacks.

DHS’ team for the wargames was populated from members of its 24/7 Cyber Security Operations Centre, which was established late last year.

However, despite the results reflecting DHS dominant cyber security posture, the wargames were pitched as an opportunity to display the government's cyber capability, and for cyber specialists to train in a safe environment.

Speaking with iTnews, Devine said the war games were an important arena in which to build skills, despite being based on industrial control systems and the ability to defend critical national infrastructure, which is quite unlike the IT infrastructure that agencies are responsible for.

“It’s obviously a very different target set to what the department is responsible for in its day job, but from our opinion it doesn’t matter what you’re attacking or defending,” she told iTnews.

“The skills that you’re learning, and the skills that you’re demonstrating are applicable across all [domains], and we’re really trying to test not only the technical skills of the teams, but also those soft skills that sometime get missed in 'capture the flag' type activities around communication, teamwork and leadership.”

She said having events like the war games would allow relationships to be developed, and build whole-of-government cyber resilience that can “translate into real world instances where we are able to quickly communicate with each other in a really effective manner”.

“It's actually not that useful for one of us to be very good if the others aren’t, we all need to lift together,” she said.

Devine said she had been surprised by the complexity of the training facility, which means it can be reused in future years.

The department is now planning for the next event, and is considering extending an invitation it both business and the tertiary sector in future.

Ein News

You Might Also Read: 

Australia Hardest Hit By Cybersecurity Skills Shortage:

North Korea's Cyber War on Australia:

Vulnerable Australia Boosts National Cyber Security:

NATO Cyber War Games 2017: Czechs Win:

« Las Vegas Murders: Fake News Follows Every Tragedy
How To Keep Your Business Data Safe »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Tripwire

Tripwire

Tripwire are a leading provider of risk-based security, compliance and vulnerability management solutions.

Talend

Talend

Talend is a leader in cloud and big data integration software. Applications include Risk and Compliance management.

CQS (Certified Quality Systems)

CQS (Certified Quality Systems)

CQS is an organisation specialising in ISO assessment and certification, including ISO 27001, along with other management system standards.

Engage Black

Engage Black

Engage Black provides solutions for securing and protecting cryptographic keys, data at rest, and data in motion.

Adroit Technologies

Adroit Technologies

Adroit Technologies has been developing award winning real-time software for the industrial automation markets for over 25 years.

United Security Providers

United Security Providers

United Security Providers is a leading specialist in information security, protecting IT infrastructures and applications for companies with high demands on security.

Sysorex Government Services

Sysorex Government Services

Sysorex Government Services helps customers meet their strategic missions by providing secure, optimized IT solutions that allow them to perform more efficiently and effectively.

Digital Magics

Digital Magics

Digital Magics is an incubator for innovative startups which offer content and services with high technological value. Areas of focus include IoT, Enterprise Software, AI, Industry 4.0 and Blockchain.

CoverWallet

CoverWallet

CoverWallet combines deep analytics, thoughtful design and state of the art technology to help small businesses with all their insurance needs including Cyber Liability.

DataFleets

DataFleets

DataFleets is a privacy-preserving data engine that unifies distributed data for rapid access, agile analytics, and automated compliance.

Switchfast Technologies

Switchfast Technologies

Switchfast Technologies is an IT consulting and managed services provider, offering IT support and consulting to Chicagoland small businesses.

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command (FLTCYBER)

US Fleet Cyber Command is responsible for Navy information network operations, offensive and defensive cyberspace operations, space operations and signals intelligence.

FiVerity

FiVerity

FiVerity provides financial institutions with cyber fraud defense to combat a dangerous and growing threat - the convergence of fraud-related theft with sophisticated, high-volume cyber attacks.

Prophaze Technologies

Prophaze Technologies

Prophaze enable organizations and SaaS providers to improve their web application cybersecurity and reduce costs through AI automation.

PointWire

PointWire

PointWire offers a range of cybersecurity solutions and services including Penetration Testing on various levels, as well as Intrusion Detection and Prevention Systems.

Operant Networks

Operant Networks

Operant Networks mission is to provide Operational Technology (OT) teams with solutions that simplify their increasingly complex worlds.