The results of an international cyber war game that involved Australia were released by the US Department of Homeland Security's National Cyber Security Division last week.
Dubbed Cyber Storm, the game was conducted in February this year and simulated a campaign to "affect or disrupt multiple, critical infrastructure elements within the energy, information technology, transportation and telecommunications sectors."
Australia was represented by the Attorney General's department in the four-day event which involved more than 110 public, private and international organizations as part of efforts to protect critical infrastructure.
The Cyber Storm Exercise Report identified eight specific areas in need of improvement, such as better inter-agency coordination, the formation of a training and exercise program, increased coordination between those involved in cyber incidents, the development of a common framework for response and information access as well as the development of a strategic communications and public relations plan.
Exchanging and sharing classified information among participating organizations was one of the main challenges.
"Processes must be developed to address and share critical information at lower classification levels throughout the response community and clearly defined communication channels and processes need to be developed to downgrade/sanitize and share information from classified sources with organizations involved in cyber response activities," the exercise report states, adding that multiple alerts on a single issue created confusion among players because it was difficult to establish a single coordinated response.
A representative from the federal Attorney General's Department travelled to the US to participate in Cyber Storm, but according to a department spokesperson was there solely for observational purposes rather than on behalf of any Australian security agency or specific critical infrastructure sector.
A spokesperson for Attorney General Philip Ruddock said this participation has strengthened Australia's working relationship with the US Department of Homeland Security.
The spokesperson said Australia conducted its own table top exercise (TTX) that ran for a full day on February 9, 2006.
"The exercise was extremely valuable and tested the methods of communication and collaboration between Australian government agencies," he said.
"The fictitious Australian scenario was deliberately conceived to be peripheral and removed from the events comprising the US exercise, with the emphasis on an essentially Australian issue."
During the game, more than 100 public and private agencies, associations and corporations participated in the game from some 60 locations and five countries including Canada, UK, Australia and New Zealand.
The project involved nine major IT firms, six electricity utility firms (generation transmission and grid operations) and two major airline carriers.
According to Homeland Security documents, Australia and New Zealand were involved in a response-and-recovery arm on the second last day of the war games.
The exercise involved a mythical collective known as the Worldwide Anti-Globalization Alliance (WAGA) which, through a radical arm named the Black Hood Society probed SCADA (Supervisory Control And Data Acquisition) control systems and military networks, turning the heat off in government buildings and taking down railways.
Acting independently of WAGA during the event was a group of rogue "independent actors" who launched malicious code in the form of worms and viruses. This was in addition to a group of German hackers intent on clogging bandwidth as well as a disgruntled airport employee attempting to disrupt a communications tower and interfere with cargo.