The federal government is set to conduct a series of cyber war games with local critical infrastructure firms to test their responses to potentially devastating cyber attacks.
These exercises examining how critical infrastructure operators in Australia would respond to a cyberattack will be run by the federal government over the coming months with companies from the financial sector, banking world, aviation sector and other major industries.
It comes after a series of large-scale data breaches in Australia which have impacted tens of millions of people.
Most recently, Latitude Financial was impacted by a breach which saw the personal information, including passport and Medicare numbers, of 14 million customers stolen.
The government has begun a series of exercises with companies that are important to the functioning of the Australian economy, Home Affairs Minister Clare O’Neil said.
“We’re conducting exercises where we play through what it would look like to have a major bank, for example, come down in a cyber attack,” O’Neil said, as The Sydney Morning Herald reported.
“How would government work with that company to get services back online? If one of our big four banks is down, who can assist in providing services to those customers? How can we make sure the country continues to function properly while we solve the problem?”
The first of these three-hour tabletop exercises was run with representatives from the Reserve Bank of Australia, Australian Prudential Regulation Authority, Australian Securities and Investments Commission, and the Australian Federal Police.
It investigated the response to a cyber breach involving the stealing of highly sensitive information and the encryption of networks.
O’Neil warned of the significant impact of such a breach occurring in reality.
“The groups that are conducting cyber attacks are becoming more professionalised, industrialised, powerful and effective,” she said.
“[Data breaches are] real and consequential…but when you think about the impacts of the failure of a major hospital, the interruption of a traffic network or serious disruption of our banking system, the impacts can get much worse.
“Consider what damage could be caused if attackers intentionally try to degrade trust in a major system we depend on like telecommunications or banking. We need to plan for utilities to go down, for hospital systems to be under attack.”
In a speech last week, the Home Affairs Minister said the recent hacks of Optus and Medibank are “the tip of the iceberg”.
“If every business is a target, every Australian is at risk,” O’Neil said last week.
“And the government response needs to be significant. That means our national choices, our economic prosperity, our peace of mind as citizens and as a nation, are directly threatened by these groups.
“This impact to our sovereignty and way of life is why ransomware threat actors are a core national security challenge for Australia.”
It was recently revealed that the cyber attack on Latitude Financial had resulted in the breach of the personal information of 14 million customers in Australia and New Zealand, with passport and Medicare numbers caught up.
This came after the cyber attacks on Optus and Medibank late last year, which impacted 9.8 million and 9.7 million Australians respectively.
The federal government is currently working on a revamped cyber security strategy, which will run to 2030.
A government-appointed expert advisory group put forward a number of proposals for this strategy recently to address Australia’s “patchwork” cyber policies, including an expansion of the critical infrastructure scheme and a new Cyber Security Act.
O’Neil also recently announced the creation of a new National Office for Cyber Security within the Department of Home Affairs, to be led by a national cyber coordinator to act as the “spine and strategy” for responding to future cyber attacks.
