Friday, August 5, 2011

Cyber Storm III participants found shortcomings in its cybersecurity “escalation procedures”

Australian report identifies cybersecurity gaps during Cyber Storm III exercise

An Australian report issued Monday found gaps in cybersecurity procedures and processes for both government and industry, based on a review of the US-sponsored Cyber Storm III exercise held last September.

The report, commissioned by the Australian government and carried about by former Australian Army intelligence officer Miles Jakeman, said that Cyber Storm III identified "gaps” in cybersecurity procedures, processes, and plans by government and industry.

The Australian government identified gaps in its interim cybersecurity crisis management plan, and industry found shortcomings in its cybersecurity “escalation procedures”, according to the report.

The Cyber Storm III exercise included participants from seven US federal agencies, 11 US states, 60 private companies, and 12 international partners. The Australian government sent representatives from the Defence Signals Directorate, Computer Emergency Reponse Team (CERT) Australia, and Australian Federal Police; industry was represented by Telstra, ASX, Woolworths, ANZ, and domain name registrar AuDA.

Australian Attorney General Robert McClelland said that more than 50 Australian organizations participated in Cyber Storm III. He said in releasing the report: “The Cyber Storm III exercise provided a good test of new government processes including the interim cybersecurity crisis management plan, which allowed agencies to identify gaps and revise processes.”

McClelland added: “The exercise revealed many areas where internal and cross-sector partnerships worked effectively to communicate and resolve issues, but also highlighted areas where communications and planning could be further developed….While it did highlight gaps within existing government and business cyber incident processes, particularly in regards to escalation procedures, this feedback allows both government and businesses to take steps to improve our cybersecurity.”

No comments: