What would be the government response if a criminal gang hacked into the Australian electrical grid or implanted pacemakers and threatened to kill people unless ransom was paid?
That was one of the scenarios that played out in a 2016 cyberspace simulation held at ANU College of Asia and the Pacific (CAP), which brought together top government officials, academics and industry experts. Participants used the exercise to identify challenges, including unexpected ones that could happen while preventing information from being stolen or manipulated by criminals, terrorists or even hostile governments.
Players were unable to develop specific solutions to prevent these cyber criminals from carrying out their threats but that wasn’t the point of the exercise, said Dr Adam Henschke, a lecturer at CAP’s National Security College.
“One of the main aims of the game was to first of all bring together as many people as possible across the cyber security community in Australia,” he said. “And second, get them working on those cyber issues in a way that gets them out of their normal roles.”
Cyber security is a growing concern for governments and businesses as the world becomes increasingly dependent on computer communications. The number of devices embedded with communications technology soon will reach into the tens of billions globally and include machines that directly communicate with each other.
Deterring criminals, corporate spies or even hostile governments from compromising computer networks has become increasingly vital.
To address this issue, the CAP’s National Security College gathered some of the nation’s top leaders in the cyber security community for a day-long simulation designed by the RAND Corp. This was the first such RAND exercise held in Australia and involved about 90 participants from across the government, private sector, academia and think tanks.
One scenario of the simulation involved a criminal organisation that starts disabling factory machinery and other devices until ransom is paid. The attacks escalate and threaten to disable heart pacemakers, and Australian citizens demand government action.
The second story line revolved around a mining company that had lost a series of large contracts, was forced into bankruptcy, and ultimately acquired by a competitor. It was later discovered that the acquired company had had its bidding information hacked.
As part of the same scenario, details about a new technology developed by a green-energy firm was stolen by a foreign government. Participants were thrust into the role of Australian government officials who had to respond to both of these intellectual property thefts and devise ways to stop further cyber theft.
As part of the program, teams were created to take different approaches to prevent such attacks beforehand, protect information from cyberattacks and try to create public policies that would balance protection from hackers while ensuring that internet technology still was available to Australian citizens and businesses. Unfortunately, no single solution was found that could address the issues raised in either scenario.
However, participants did find that:
The exercise also broke down some walls between people with different skill sets, Henschke said. Technical and policy specialists were forced to work together and make efforts to understand each other as they tried to solve problems.
Henschke, who has participated in many cyber and warfare exercises, said he didn’t find anything there wasn’t anything too surprising in this cyber security exercise. “That’s because it’s common to be surprised in cyber security.”
Related website: Exploring Cyber Security Policy Options in Australia
Related research: Dr Adam Henschke
Image credit: Flickr