CYBER Storm is about to be unleashed, bringing chaos to Australia and across the world. It threatens to halt business, cripple power supplies, paralyse governments, and undermine national security.
The name suggests an apocalyptic movie, but Cyber Storm is an official exercise involving some of our biggest businesses, government departments and spy agencies.
Its aim is to test the ability of Australia and its allies to respond to what governments, spy bosses and security experts say is the real and growing threat from cyber attacks. As a video on the website of the super-secret Defence Signals Directorate puts it: ''Online is the new front line.''
Cyber Storm will play out on business, government and intelligence agency computer screens here and overseas, testing their ability to respond to co-ordinated attacks on the systems underpinning almost every aspect of society.
About 50 organisations are expected to take part in the Australian arm of the exercise, the third and biggest in a series testing national responses to major cyber attacks.
Architects of the drill, co-ordinated by the Attorney-General's Department, will not outline the cyber game scenario, organised by the US Department of Homeland Security.
Officials were concerned about maintaining the exercise's security, a department spokesman told The Sunday Age. Nor would he say when the exercise begins, although The Sunday Age believes it is imminent.
Cyber Storms I and II, in 2006 and 2008, resulted in virtual chaos. The first was based on a scenario in which a coalition of anti-globalisation activists attacked US and Canadian computer systems. The attacks cut power supplies, disrupted ports and airlines, and compromised intelligence communications.
Cyber Storm II, with Australia playing a major role, was based on a similar scenario - simulated attacks by a group with a political agenda and the time, money and motivation to penetrate any network.
A report by the Attorney-General's Department reveals participants were stunned by the speed and global scope of cyber attacks on banking, finance, water, electricity, communications, information technology and government agencies.
While no real operations were affected, information systems virtually collapsed during the exercise, as IT managers scrambled to cope.
When systems controlling power supplies were hit, communications also failed. Under intense pressure, players abandoned protocols for dealing with failures, losing key information in the process. A common problem, according to the report, was that while responding to multiple incidents, managers failed to see they faced a crisis.
The director of the Cyber Storm II, Steven Stroud, told an industry conference that participants were surprised by the level of damage inflicted by the attacks, even though they were aware of the risks. ''If you hit your hand with a hammer, it's going to hurt. In Cyber Storm, a lot of people hit their hand with a hammer and were surprised that it hurt,'' he said.
Cyber III, which also involves Britain, Canada and New Zealand, is the latest sign of how seriously governments regard the risk of cyber attack.
In a speech last month, ASIO boss David Irvine placed cyber attack alongside terrorism at the top of Australia's threat list, describing it as ''the issue of the 21st century''.
When he opened the new cyber security operations centre in Canberra in January, then defence minister John Faulkner revealed defence networks were attacked on a daily basis. There were about 200 ''electronic security incidents'' involving defence networks each month last year, he said.
Senator Faulkner declined to comment on whether the attacks were launched by China, the culprit widely blamed for state-sponsored cyber attacks.
The former head of the Australian Federal Police high technology crime centre, Alastair MacGibbon, sees gaps in Australia's approach to the cyber threat.
While official efforts focused on protecting government and corporations, members of the public did not understand the extent of the problem or the risks they faced. There was little capacity for ordinary citizens to report online crime affecting them, or for these reports to be co-ordinated and assessed.
Mr MacGibbon, who works for Surete Group consultancy, said talk of the cyber threat was not a ''Chicken Little exercise of saying the sky is falling down. The threat is real, and it requires prudent planning.''
Nor were cyber attacks without victims. ''Because people don't see physical damage when it comes through cyber, people have got the idea that it's a very clean weapon. There's nothing clean about it.'' Attacks on power grids, for instance, could have ''huge unintended consequences'' on places such as hospital wards.
''This is a dirty weapon you can't see.''
