Internet Industry Association



Lessons learned from Cyber Storm II, Senator McClelland, Attorney General, 24 September 2008

A detailed report outlining Australia's involvement in the recent international cyber security exercise, Cyber Storm II, was released today by Attorney-General Robert McClelland.

The exercise, led by the United States Department of Homeland Security, allowed the governments and business sectors of Australia, Canada, New Zealand, the United Kingdom and the United States to put their e-security arrangements to the test.

'Cyber Storm II was designed to simulate a significant global incident caused by attacks on critical infrastructure systems via the Internet,' Mr McClelland said.

'The exercise proved Australia's response arrangements to cyber-attack are sound, but just as importantly, demonstrated areas where improvements can be made.'

'The world's increasing dependence on electronic communications creates new opportunities for criminals and terrorists. The lessons learned from exercises such as Cyber Storm II help ensure Australia is well placed to combat these threats.'

Australia's involvement in Cyber Storm II included government agencies, state and territory governments and the largest contingent of private sector organisations ever involved in such an exercise.

'It is a clear demonstration of the strong partnership that has been built between the Rudd Government and business to protect our critical infrastructure,' Mr McClelland said.

Cyber Storm II was held in March in conjunction with the US Department of Homeland Security National Cyber Security Division, the UK's Centre for the Protection of National Infrastructure, Public Safety and Emergency Preparedness Canada and New Zealand's Centre for Critical Infrastructure Protection.

The Cyber Storm II national cyber security exercise final report can be obtained at: http://www.ag.gov.au/www/agd/agd.nsf/Page/Publications_CyberStormIISeptember2008.

KEY FINDINGS

Finding 1. Effective response is enhanced by routinely reviewing and testing Standard Operating Procedures (SOPs), Incident Response Plans and/or crisis management arrangements.

Effective response to a cyber crisis is significantly enhanced by having tested procedures or arrangements, in which crisis-management relationships in the cyber response community are regularly reviewed to solidify communications paths and clarify organisational roles.

Finding 2. Non-crisis interaction among key stakeholders enhances effective crisis response during an incident.
More frequent, non-crisis interaction between various stakeholders involved in protecting the national information infrastructure will enhance real world response capabilities.
Established relationships facilitate rapid information sharing among community members and must include relationships across sectors, with suppliers, with vendors and with incident response organisations.

Finding 3. Crisis communication procedures, predicated on accurate and appropriate points of contact, must be formalised within contingency planning.
Communication during a crisis significantly impacts the timeliness and effectiveness of responses.
A unity of effort can be more effectively maintained when there is a clear understanding of roles and responsibilities and the interfaces between them.

Finding 4. Cyber crises require a tailored response that takes into account multiple interdependencies.
The borderless nature of cyber attacks, and the speed with which they can escalate across infrastructure sectors, was demonstrated in Cyber Storm II.
Contingency planning must include potential flow-on effects.

Finding 5. Developing internal reporting and external notification thresholds assists in effective incident response by creating better situational awareness.
Identifying the problem, rather than simply addressing the symptoms, is critical to effective cyber incident response.
In order to ensure situational awareness within and between organisations, clear notification thresholds should be developed and promulgated so that technical incident responders know when escalation internally or externally is necessary.

Finding 6. Attempts to facilitate an interactive international game were hampered by time zone differences, isolated scenario building and unexpected player actions.
International play was not extensive in the Australian national exercise. A longer pre-exercise build-up, a longer exercise duration (to account for the 18-hour difference between Wellington and Washington) and more international communication during the exercise planning phase will need to be incorporated into Cyber Storm III.
