Cyber Storm II drill shows ferocity of virtual attack

The quick and ferocious nature of cyber attacks on government must be recognized in the next generation of security, a previously unreleased report from the Australian Attorney-General’s Department urges. In March this year governments from Australia, the United Kingdom, New Zealand, Canada, and the United States ran the largest-ever cyber war games, Cyber Storm II. The participants, which included the private sector, were surprised by the “borderless nature” of cyber attacks and the “speed with which they can escalate,” according to Freedom of Information documents obtained by AAP. News.com’s Peter Veness reports that the final report into Cyber Storm II said that “Contingency planning must include potential flow-on effects” and that “An important learning was the need to formalize lines of communication between government and industry to ensure that the scope of any problem is properly understood to enable a coordinated and effective response.”

Cyber Storm II tested critical infrastructure including dam walls, telecommunications, and government computer networks. Corporate participants included Microsoft, the Commonwealth Bank, Optus, Westpac, Woodside Energy, and the Australian Securities Exchange. Government agencies playing a part in the war games included the Australian Federal Police, Defense Signals Directorate, ASIO, Centrelink, and the Department of Foreign Affairs and Trade.

The report said Australia passed the games without major faults being uncovered. “The exercise proved that the major elements of the national response arrangements are sound, but as expected also found a number of areas where improvement would be possible.”

Cyber Storm II is part of the Australian federal government’s attempts to focus on improving the resilience of critical infrastructure if it was to come under attack. Attorney-General Robert McClelland has pressed home repeatedly his message of resilience, saying all Australians need to develop an ability to rebound quickly from a natural disaster or terrorist attack. “It is important that the public has a thorough understanding of the assistance that government can provide,” McClelland said last month. “It is equally as important for people to be aware of their own capabilities and responsibilities during an emergency. In combination this will enable a fast and effective response when the crisis emerges.”

The concern over e-security in Australia and globally has increased this year with the U.S. military raising the issue repeatedly. U.S. Northern Command commander Victor Renuart said in August attacks on Georgian computer systems reminded all of the need for improved security. “It’s critical to our mission that we are comfortable that we have a secure network, that it’s resilient to probes and attacks, and that it will be able to sustain good decision-making… for the nation’s leaders,” General Renuart told C-Span TV.