The series involved two exercises, a 2-day operational exercise and a strategic discussion exercise. The exercises were designed to strengthen industry and governments’ coordinated response to a significant cyber incident affecting Australia’s electricity sector.
Participants were from the electricity industry, Australian Government agencies and state and territory government agencies. The operational exercise involved 560 personnel from 32 electricity and government organisations. The strategic discussion exercise involved 25 personnel from 23 electricity and government organisations.
The exercises produced learnings for organisations to further strengthen current arrangements and consider the following:
- alerting others and reporting cyber security incidents
- communication and coordination
- incident response capabilities and management
- information sharing, including threat intelligence
- information technology and operation technology
- public messaging coordination
- recovery
- roles and responsibilities.
Karl Hanmore, the Australian Signals Directorate’s Australian Cyber Security Centre's (ASD’s ACSC) First Assistant Director-General Engagement, Operations and Intelligence, was delighted with the level of engagement and commitment from participants.
“This exercise series demonstrated a strong desire by electricity organisations and government agencies to practise and improve our arrangements for responding to significant cyber incidents.
“Communications, whether it be internally or between organisations, or with the community, are essential during a significant cyber incident.
“The exercise series also helped to strengthen the ASD's ACSC’s relationships with the electricity industry, and increase our understanding of the challenges and needs of organisations affected by significant cyber incidents,” Mr Hanmore said.
Participating organisations in the operational exercise invested significant time and resources into planning and participating, but all feedback indicated they would participate in exercises like this in the future.
One participant said the exercise provided the company an opportunity to test its security incident response process.
“It was invaluable for us to identify strengths and weaknesses in our people and processes, which will enable the company to improve these areas and further strengthen our position in the event of a real cyber event.”
Another participant said their executive gained valuable insights on what is required in a significant cyber event.
“It highlighted gaps that we must address as an organisation when it comes to coordinating our response and also who, why, when and what we need to communicate.”
Acknowledgements
The ASD's ACSC would like to thank all organisations for participating and providing valuable input to the learnings.
The ASD's ACSC credits the North American Electric Reliability Corporation’s Electricity Information and Analysis Centre (NERC’s E-ISAC) with developing the concept for the exercise series and sharing this with the ASD's ACSC.