The Department of Human Services has taken out the inaugural Government Cyber War Games in an event that will deliver lasting benefits for information security across government.
The intensive five-day ‘Operation First Wave’ competition saw some of the government’s best and brightest cyber security minds going head-to-head in a landmark event for Australian cyber security.
Five teams, representing 10 agencies, took part in a round-robin style tournament, taking turns attacking and defending a specially designed ‘cyber range’ linked to a working replica Lego city.
As well as achieving success in attacking or defending the city, a panel of impartial adjudicators scored teams against a range of criteria including team work, communication, planning, critical thinking and creativity.
The competition came right down to the wire, with the highly-organised outfits from Australian Taxation Office (ATO) and the Department of Immigration and Border Protection (DIBP) both close to taking the lead during the final day.
Human Services may have taken line honours but the real victory was the new comradery developed between the departments—a vital ingredient in building a strong cyber capability.
Department of Human Services Chief Information Security Officer Narelle Devine said the games were a crucial initiative for government to ensure agencies are thoroughly prepared for a real cyber attack.
“There would be major ramifications for individuals and the country should our systems be breached,” Ms Devine said.
“As the custodian of personal data on almost every Australian, through Centrelink, Medicare and Child Support, the department takes security of this information extremely seriously.
“The level of engagement and collaboration the games have fostered within the government cyber security community is extremely encouraging.
“The department’s training facility is world class and I look forward to hosting more events and training exercises like this, ensuring our cyber defenders are at the top of their game.”
Over the course of the week, more than 220 spectators – including government, corporate and school groups from primary through to University – attended the games coming away with new relationships, ideas and an insight into future career opportunities.
Attackers took to the course with a series of objectives to achieve, such as derailing the Lego train or stopping the model wind turbines, while the defenders tried to spot and prevent the attacks.
Ms Devine said one of the key objectives of the games was to get teams to understand how cyber criminals work by pushing them to think outside the box with their attacks.
“The lead changed hands several times throughout the week with ATO taking charge early on, only to be chased down by DHS, who just managed to edge out DIBP at the very end,” Ms Devine said.
“The ATO team initially set the course record with the speed with which they achieved some of their objectives, while the DIBP and AFP put up the sternest defence, holding out their opponents until the final minutes of the contest.
“The CERT-led mixed team also showed incredible skill attacking the course.
“Both multi-agency teams did extremely well, especially given they had never worked together before, and provided a strong challenge in every event.
“The feedback we have had from all the teams and spectators has been extremely positive, and the knowledge shared and inter-agency relationships formed will have ongoing benefits.”
- Department of Human Services (DHS)
- Australian Taxation Office (ATO)
- Department of Immigration and Border Protection (DIBP)
Two teams were made up of cyber security staff representing multiple agencies:
- Australian Criminal Investigation Commission, Australian Federal Police and Department of Health (Joint team 1)
- Attorney-General’s Department Computer Emergency Response Team (CERT), Australian Bureau of Statistics, Digital Transformation Agency, Department of Defence and an additional contingent from the ATO. (Joint team 2).
- Admiral Patrick Walsh – former commander of the US Navy Pacific Fleet and current Vice President for Customer Education at international cyber security company, FireEye
- Sandra Ragg – Assistant Secretary Cyber Policy, Department of the Prime Minister and Cabinet
- Anthony Kitzelmann – Chief Information Security Officer and General Manager Cyber Security Centre, Australian Digital Health Agency
- Commodore Jeffrey Goedecke – Director General Business Relationship Management, Department of Defence
- Dr Jill Slay – Director of Cyber Resilience, Australian Computer Society (ACS)
- Eshan Dissanayake – Head of IT Security, Coles division of Wesfarmers
- James Turner – Head of CISO Lens