Government Cyber War Games

Uploaded on 2017-11-07 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

The Australian Department of Human Services has come out on top in Canberra’s inaugural cyber war games, a result that mimics the findings of a now infamous cyber resilience audit of the federal government's three biggest agencies.

Five teams from ten agencies, including the Australian Taxation Office (ATO) and Department of Immigration and Border Protection (DIBP) as well as DHS, spent last week battling it out on a purpose-built "range" aimed at developing cyber security skills through real life scenarios.

Using a Lego smart city to represent the contest, the teams took turns attacking and defending the model’s critical infrastructure such as trains or wind turbines.

The simulation believed to be the first and largest security training exercise of its kind to be staged at a federal level, was the brainchild of DHS chief information security officer Narelle Devine, who joined the department from the Royal Australian Navy in October last year.

DHS received the highest score at the end of the five days, narrowly beating the ATO and DIBP, which were both close to taking the lead on the final day of competition.

The result broadly aligns with the findings of a cyber resilience audit of the three agencies earlier this year, which found only DHS was compliant with all four of the Australian Signals Directorate’s mandatory threat mitigation strategies.

The ANAO defined 'cyber resilience' as agencies being able to continue providing services while deterring and responding to cyberattacks.

DHS’ team for the wargames was populated from members of its 24/7 Cyber Security Operations Centre, which was established late last year.

However, despite the results reflecting DHS dominant cyber security posture, the wargames were pitched as an opportunity to display the government's cyber capability, and for cyber specialists to train in a safe environment.

Speaking with iTnews, Devine said the war games were an important arena in which to build skills, despite being based on industrial control systems and the ability to defend critical national infrastructure, which is quite unlike the IT infrastructure that agencies are responsible for.

“It’s obviously a very different target set to what the department is responsible for in its day job, but from our opinion it doesn’t matter what you’re attacking or defending,” she told iTnews.

“The skills that you’re learning, and the skills that you’re demonstrating are applicable across all [domains], and we’re really trying to test not only the technical skills of the teams, but also those soft skills that sometime get missed in 'capture the flag' type activities around communication, teamwork and leadership.”

She said having events like the war games would allow relationships to be developed, and build whole-of-government cyber resilience that can “translate into real world instances where we are able to quickly communicate with each other in a really effective manner”.

“It's actually not that useful for one of us to be very good if the others aren’t, we all need to lift together,” she said.

Devine said she had been surprised by the complexity of the training facility, which means it can be reused in future years.

The department is now planning for the next event, and is considering extending an invitation it both business and the tertiary sector in future.

Ein News

You Might Also Read: 

Australia Hardest Hit By Cybersecurity Skills Shortage:

North Korea's Cyber War on Australia:

Vulnerable Australia Boosts National Cyber Security:

NATO Cyber War Games 2017: Czechs Win:

« Las Vegas Murders: Fake News Follows Every Tragedy
How To Keep Your Business Data Safe »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

European Council on Foreign Relations (ECFR)

European Council on Foreign Relations (ECFR)

ECFR is a pan-European think-tank conducting research and promote informed debate on European foreign policy. Cyber security is becoming an intrinsic element of foreign policy debate.

Deltagon

Deltagon

Deltagon develops information security solutions to protect companies’ confidential information in e-communication and e-services.

Azeti Networks

Azeti Networks

Azeti Networks is a global provider of IoT technology to a variety of verticals including telecomms, oil/gas, manufacturing, finance and healthcare.

Duo Security

Duo Security

Duo combines security expertise with a user-centered philosophy to provide two-factor authentication, endpoint remediation and secure single sign-on tools.

Silverfort

Silverfort

Silverfort introduces the first security platform enabling adaptive authentication and identity theft prevention for sensitive user, device and resource throughout the entire organization.

Fugue

Fugue

Fugue ensures cloud infrastructure stays in continuous compliance with enterprise security policies.

ICS-CSR

ICS-CSR

ICS-CSR is a research conference bringing together researchers with an interest in the security of industrial control systems.

iosiro

iosiro

iosiro was created to guide companies through securely using blockchain technologies. We help teams launch and manage ICOs, deploy secure dApps, and integrate private networks into business practices.

IT Search

IT Search

IT Search is a specialist IT recruitment company focusing on Cyber Security, IT Infrastructure, Software, Data, Digital Transformation and C Suite leadership positions.

Park Place Technologies

Park Place Technologies

Park Place Technologies' mission is to drive uptime, performance and value for critical IT infrastructure.

Intuitive Research & Technology Corp

Intuitive Research & Technology Corp

Intuitive Research and Technology is an aerospace engineering and analysis firm providing services to the Department of Defense, government agencies, and commercial companies.

Vertex Cyber Security

Vertex Cyber Security

Vertex provide Cyber Security Services to small to large businesses including Advise, Consulting, Adding Security Partnership, Penetration Testing, ISO 27001-2 and Audits.

Auria

Auria

Auria advances complex space, missile, and cyber operations with visionary solutions and software.

SiyanoAV

SiyanoAV

SiyanoAV's range of antivirus products delivers strong protection against various cyber threats, including malware, ransomware, phishing schemes, and beyond.

Helix Tech Consulting

Helix Tech Consulting

Helix Tech have expertise in a wide range of technology areas, including IT strategy, infrastructure design, cybersecurity, disaster recovery, cloud, data centers, IT cost optimization, and more.

QRC Assurance & Solutions

QRC Assurance & Solutions

QRC is a PCI QSA, QPA, ISO accredited, CPA and CERT-IN empanelled organization with vast experience in conducting certification, regulatory audits, pen testing services, training and more.