Story image

Dept of Human Services crowned winner of Government's Cyber War Games

03 Oct 2017

The Australian Government’s Department of Human Services was crowned the winner in a cybersecurity competition designed especially for the country’s government agencies last week.

The Government Cyber War Games included five teams, two of which were made up of representatives from multiple departments.

The exercise, Operation First Wave, was designed as a round-robin tournament in which teams attacked and defended a specially-designed cyber range linked to a working replica Lego city.

Attackers had a series of objectives to achieve such as derailing the lego train or stopping wind model turbines, while defenders had to spot and prevent the attacks.

According to Department of Human Services CISO Narelle Devine, the aim was to get teams to throw attackers off by making them think outside the box.

“The lead changed hands several times throughout the week with ATO taking charge early on, only to be chased down by DHS, who just managed to edge out DIBP at the very end,” she comments.

“The ATO team initially set the course record with the speed with which they achieved some of their objectives, while the DIBP and AFP put up the sternest defence, holding out their opponents until the final minutes of the contest.”

She notes that both joint teams did especially well considering they had never collaborated before.

But it was not just about who won the tournament, but about the cooperation between different teams – a vital ingredient in strong cyber capabilities.

Those teams included the Department of Human Services, the Australian Taxation Office (ATO) and the Department of Immigation and Border Protection, as well as the two joint teams.

The first joint team included members from the Australian Criminal Investigation Commission, the Australian Federal Police and the Department of Health.

The second team included the Attorney-General’s Department Computer Emergency Response Team (CERT), the Australian Bureau of Statistics, Digital Transformation Agency, the Department of Defence and additional members of the ATO.

Devine says that in the event of government systems breaches, there would be ‘major ramifications’ for both Australia and individuals concerned.

 “As the custodian of personal data on almost every Australian, through Centrelink, Medicare and Child Support, the department takes security of this information extremely seriously,” Devine comments.

 “The level of engagement and collaboration the games have fostered within the government cyber security community is extremely encouraging. The department’s training facility is world class and I look forward to hosting more events and training exercises like this, ensuring our cyber defenders are at the top of their game.”

 “The feedback we have had from all the teams and spectators has been extremely positive, and the knowledge shared and inter-agency relationships formed will have ongoing benefits,” Devine concludes.

Judges included FireEye VP for customer education Admiral Patrick Walsh; Sandra Ragg – Assistant Secretary Cyber Policy, Department of the Prime Minister and Cabinet; Anthony Kitzelmann – CISO & GM Cyber Security Centre, Australian Digital Health Agency; Commodore Jeffrey Goedecke – director general Business Relationship Management, Department of Defence; Dr Jill Slay – director of Cyber Resilience, Australian Computer Society (ACS); Eshan Dissanayake – head of IT Security, Coles division of Wesfarmers; and James Turner – head of CISO Lens.

Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.
McAfee announces Google Cloud Platform support
McAfee MVISION Cloud now integrates with GCP Cloud SCC to help security professionals gain visibility and control over their cloud resources.
WatchGuard announces A/NZ partners awards
Four Australian companies were named partner award winners at the WatchGuard conference in Vietnam.
Telstra’s 2019 cybersecurity report
Cybersecurity remains a top business priority as the estimated number of undetected security breaches grows.
Why AI and behaviour analytics should be essential to enterprises
Cyber threats continue to increase in number and severity, prompting cybersecurity experts to seek new ways to stop malicious actors.
Scammers targeting more countries in sextortion scam - ESET
The attacker in the email claims they have hacked the intended victim's device, and have recorded the person while watching pornographic content.
Cryptojacking and failure to patch still major threats - Ixia
Compromised enterprise networks from unpatched vulnerabilities and bad security hygiene continued to be fertile ground for hackers in 2018.
Why cybersecurity remains a top business priority
One in two Australian businesses estimated that they will receive fines for being in breach of new legislation.