Private and public-sector organizations will be involved in next March's Cyber Storm II attack simulation, along with organizations in the U.S., Canada, the U.K. and Australia.
The exercise will simulate, on a private network, a series of hacking and 'cyber-terrorism events' attempted via the Internet.
Nothing of a dangerous nature will be attempted on live networks, said Richard Byfield of the Centre for Critical Infrastructure Protection (CCIP), which will coordinate the local part of the exercise.
The first Cyber Storm simulation took place in March 2006, but New Zealand's involvement was small, just a 'table-top' exercise, with simulations of escalating events being represented on paper. This time, there will be an online portal, where scenarios appropriate to our national security will be played out, testing the responses and inter-communication abilities of government organizations such as CCIP, New Zealand's Defence Force, Security Intelligence Service and the Police's electronic crime lab, as well as private-sector maintainers of vital infrastructure such as Telecom New Zealand Ltd. and Transpower New Zealand Ltd. Some Internet service providers are likely to be asked to be involved as well, said Byfield.
As organizations respond to the attacks, the situation will escalate in unpredictable ways. Like a fire-drill, there will be an exhaustive check after the simulation exercise, to see if the right people and agencies were informed at the right time.