12 December 2016

Cyber security war game set in 2022 hopes to prepare governments, businesses for the worst

By Matthew Clayfield

Australia's first simulated cyber security "game" was set in 2022 and explored two equally unpalatable cyber attack scenarios in the hopes to prepare governments and businesses for the inevitable.

The game was co-hosted by the National Security College at the Australian National University and the RAND Corporation, bringing together 90 participants from government, business and academia.

Michelle Price, senior adviser in cyber security at the National Security College who helped to co-ordinate the game, said Australians "human behaviour" in cyber space needed to improve.

"It's in large part why we're such a significant target for malicious activity," she said.

Australia is currently losing up to $17 billion each year through malicious cyber activity.

Media player: "Space" to play, "M" to mute, "left" and "right" to seek.

And the attacks on this year's Census website remain an equally stark reminder of what can happen when organisations are unprepared.

Professor Rory Medcalf, head of the National Security College, said the game was a full-scale simulation of the "kind of complex cyber security attacks Australia could face in years to come".

"The whole point is to bring together senior levels of the private sector, the government, the bureaucracy, to make very quick complex decisions against uncertain challenges," he said.
Game designed to work out what needs to change now

Participants included ministers and shadow ministers, state and federal agencies, and representatives of the Australian Securities Exchange.

They were presented with two strategic scenarios set six years from today and forced to develop solutions to problems while taking into account their various interest and concerns.

Ms Price said each person in the room took on a role across the six different groups, to ensure the questions that the facilitator asked everyone to focus on were approached "from different points of view".

"To try and work out if we did find ourselves in different circumstances in 2022, which of course we will, how would we respond at that time," she said.

"What are the kinds of things that we need to do over the next couple of years to either course correct on our policy setting, or which parts of the current policy settings we need to keep working on embedding."
Cyber security 'needs to be an automatic behaviour'

She said that while the game was designed to be challenging, it's real purpose was to generate conversations and ideas.

"Most Australians don't understand why cyber security is important to them as individuals," she said.

"That's not just adults, that's also children.

"We need to make sure that across the board cyber security is something that becomes an automatic human behaviour.

"So that we not only understand it, but we appreciate why it's so important that we make sure we're secure when were online."

Dan Tehan, the federal minister assisting the Prime Minister for cyber security, was among the game participants and said the Government had put in place a cyber security strategy in April this year and were implementing it.

"That strategy clearly defines the need for government, for business, for academia and for the community to work hand in hand," he said.

"It's going to be a whole of community approach and what we're going to do today is map how we can get all sectors of the economy working together to deal with the cyber threat."

No comments: