Information-sharing an obstacle in cyber war games

22.09.2006
The results of an international cyber war game that involved Australia were released by the U.S. Department of Homeland Security's National Cyber Security Division last week.

Dubbed Cyber Storm, the game was conducted in February this year and simulated a campaign to "affect or disrupt multiple, critical infrastructure elements within the energy, information technology, transportation and telecommunications sectors."

Australia was represented by the Attorney General's department in the four-day event which involved more than 110 public, private and international organizations as part of efforts to protect critical infrastructure.

The Cyber Storm Exercise Report identified eight specific areas in need of improvement, such as better inter-agency coordination, the formation of a training and exercise program, increased coordination between those involved in cyber incidents, the development of a common framework for response and information access as well as the development of a strategic communications and public relations plan.

Exchanging and sharing classified information among participating organizations was one of the main challenges.

"Processes must be developed to address and share critical information at lower classification levels throughout the response community and clearly defined communication channels and processes need to be developed to downgrade/sanitize and share information from classified sources with organizations involved in cyber response activities," the exercise report states, adding that multiple alerts on a single issue created confusion among players because it was difficult to establish a single coordinated response.