The Australian Government's Department of Human Services was crowned the winner in a cybersecurity competition designed especially for the country's government agencies last week.

The Government Cyber War Games included five teams, two of which were made up of representatives from multiple departments.

The exercise, Operation First Wave, was designed as a round-robin tournament in which teams attacked and defended a specially-designed cyber range linked to a working replica Lego city.

Attackers had a series of objectives to achieve such as derailing the lego train or stopping wind model turbines, while defenders had to spot and prevent the attacks.

According to Department of Human Services CISO Narelle Devine, the aim was to get teams to throw attackers off by making them think outside the box.

“The lead changed hands several times throughout the week with ATO taking charge early on, only to be chased down by DHS, who just managed to edge out DIBP at the very end,” she comments.

“The ATO team initially set the course record with the speed with which they achieved some of their objectives, while the DIBP and AFP put up the sternest defence, holding out their opponents until the final minutes of the contest.

She notes that both joint teams did especially well considering they had never collaborated before.

But it was not just about who won the tournament, but about the cooperation between different teams – a vital ingredient in strong cyber capabilities.

Those teams included the Department of Human Services, the Australian Taxation Office (ATO) and the Department of Immigation and Border Protection, as well as the two joint teams.

The first joint team included members from the Australian Criminal Investigation Commission, the Australian Federal Police and the Department of Health.

The second team included the Attorney-General's Department Computer Emergency Response Team (CERT), the Australian Bureau of Statistics, Digital Transformation Agency, the Department of Defence and additional members of the ATO.

Devine says that in the event of government systems breaches, there would be ‘major ramifications' for both Australia and individuals concerned.

 “As the custodian of personal data on almost every Australian, through Centrelink, Medicare and Child Support, the department takes security of this information extremely seriously,” Devine comments.

 “The level of engagement and collaboration the games have fostered within the government cyber security community is extremely encouraging. The department's training facility is world class and I look forward to hosting more events and training exercises like this, ensuring our cyber defenders are at the top of their game.

 “The feedback we have had from all the teams and spectators has been extremely positive, and the knowledge shared and inter-agency relationships formed will have ongoing benefits,” Devine concludes.

Judges included FireEye VP for customer education Admiral Patrick Walsh; Sandra Ragg – Assistant Secretary Cyber Policy, Department of the Prime Minister and Cabinet; Anthony Kitzelmann – CISO - GM Cyber Security Centre, Australian Digital Health Agency; Commodore Jeffrey Goedecke – director general Business Relationship Management, Department of Defence; Dr Jill Slay – director of Cyber Resilience, Australian Computer Society (ACS); Eshan Dissanayake – head of IT Security, Coles division of Wesfarmers; and James Turner – head of CISO Lens.