Attorney General Robert McClelland today launched the four day-long international cybersecurity exercise known as Cyber Storm III in Australia — a simulation to test response times and show up public and private sector security exploits.
“On the weekend we saw the chaos that occurred as a result of a computer outage at a major domestic airline,” said McClelland in a statement, in reference to Virgin Blue’s Navitaire software outage that caused chaos to the airline’s flights.
“Imagine the impact of a failure of our banking and finance systems, a disruption to the water or electricity grid, or an outage in the mobile phone network. These scenarios demonstrate the ‘cyber’ reliance of our modern society, as any one of these events has the potential to cause significant social and economic upheaval.”
The Australian leg of the event is hosted by the Australian Government and will provide vital information to new government security agencies — such as the Computer Emergency Response Team (CERT) and Cyber Security Operations Centre (CSOC) — on how to better respond to a cyber security attack.
“With the rapid escalation in the intensity and sophistication of cybersecurity threats, it is imperative that government, business and the community are aware of the severity of cyber security risks, and commit to work together to protect what has become a vital component of our economy and society,” said McClelland.
Major Australian private sectors and government sectors are also joining in the event as either participants or as passive observers. The exercise involves public and private organisations across the telecommunications, finance, transport and utilities sectors.
Telstra is the largest telecommunications company in Australia to take part in the global exercise, which involves Canada, New Zealand, UK, and the US. The giant telco said it was a good opportunity to to further develop government and “key industry” organisations.
“Our participation also allows us to develop our collaborative working relationships with industry and government stakeholders, and to tap into different aspects of security thinking. By doing this in a secure information sharing environment, we all play a role in developing and strengthening the nation’s response to online threats,” said Telstra executive director of network information technology operations Craig Hancock.
“Exercises like Cyber Storm ІІІ are a great opportunity to test the veracity of these network protection measures, in addition to communications and decision-making processes which underpin any technical response to a cyber event. By actively testing our response processes, we can then evaluate and improve our effectiveness in managing and responding to cyber security incidents,” he said.
Telstra said that while there were security measures are already implemented thanks to Telstra’s Security Operations Centre in Canberra and the network monitoring of Managed Network Operations Centre in Melbourne and Global Operations Centres in Sydney, the “integrity” of its networks was its main focus.
Optus is participating as an observer but could not immediately provide further information on its involvement. The Australian Security Intelligence Organisation (ASIO) is also known to be involved, but declined to comment directly on the subject. The office of the Attorney General was not able to provide a full list of Australian organisations involved.
The last event of its kind was Cyber Storm II — held back in 2008 — when Australia was the second-biggest participant to be involved. Australia has been a participant since the first Cyber Storm was held back in 2006.
Image credit: Office of the Attorney-General