Setting strong foundations: cyber discovery and response

Cyber Security Cyber Resilience Taskforce
Friday, 28 July 2017

Department of the Prime Minister and Cabinet

There is a lot more to report this week now that the Taskforce has just about completed its first sprint.

We must take the broadest view of cyber security as we do our work: protecting our economy as well as protecting national security. Cyber security is important to every lounge room, every boardroom, our smart cities, manufacturing, health care, tourism, trade and more; it is our economic and social future.

This sprint we have focussed on discovery. We have been mapping the Australian cyber security ecosystem, developing cyber security threat scenarios and building a visualisation tool. Cyber security also featured in the Government’s announcements on national security, and we will be taking this into account as we continue our work.

In the meantime, we have been growing our team, with a number of government and private sector partners joining the effort, defining our second sprint and gearing up for our next workshop.

Follow our progress through our fortnightly newsletter on the Office of the Cyber Security Special Adviser’s website and @CyberGovAU Twitter updates.

Communicating with the Community

Alerting Australia’s community in the event of an imminent cyber security threat is a key focus for the Taskforce. This is no small feat and will require communication to be coordinated, fast and effective in reaching as many people as possible. Working in collaboration with government and private sector partners, the Taskforce is developing a cyber security crisis communication plan to improve preparedness to deal with an impending threat, such as another WannaCry.

Our long-term goal is to make sure that the Australian community becomes more resilient online and is better prepared to deal with known and unknown threats. A second piece of work will commence to identify the best approach to ensure the cyber community is aware of resilience measures they can implement to improve their own personal or business cyber security and safety.

Cyber Incident Response Protocols

The team has been collating existing public and private sector artefacts and examples of good practice cyber incident and emergency management response plans. If you have any examples you are open to sharing, we would like to hear from you.

Developing cyber-threat scenarios

Our first sprint saw the creation of a series of hypothetical and real world cyber-threat scenarios. The first two being built out in our ecosystem mapping are based on events that impact the community: one an individual impacted by a remote computer access scam, the other a small business facing a ransomware attack and data breach.

The scenario-based approach enables us to examine how different organisations – public and private – bring their capabilities to bear to support victims and mitigate impacts for the victim and the community more broadly. We are looking at communications, analysis and response efforts through a lens of Prevention, Preparedness, Response and Recovery. Initial work has already identified the need for rapidly building situational awareness to support critical incident management and communications.

Our thanks to businesses and individuals, including Informed Solutions and PwC, who allowed us to use their experiences in scenario development.

Mapping the Cyber Ecosystem

To understand and strengthen our capacity to respond to cyber security incidents at scale, we first need to understand who the key players are and what roles they play in the cyber security ecosystem. We have kicked off a piece of work to map that ecosystem.

Rather than starting from a blank sheet of paper, our approach is to build an understanding of the ecosystem through a series of cyber-threat scenarios. Our first two scenarios have seen us map 46 participants across a broad spectrum of government, industry, not-for-profit, and academic institutions.

We are aware of the work undertaken by Baker McKenzie to map government effort (no-one said this was not complex!). If anyone else has done cyber security ecosystem mapping for Australia, we would love to hear from you!

We are also building this knowledge into a customer relationship management tool to ensure that we are consulting as broadly as possible in our future work.

It will also help us identify key actors, their roles, capabilities, strengths and opportunities to enhance the overall performance of Australia’s cyber security prevention, preparedness, response and recovery. 

Developing WannaCry response timeline

In collaboration with Australia’s leading data innovation group, Data61, the Taskforce is developing a visualisation of the WannaCry ransomware incident.

Data61’s analytic tools provide a ‘map-based’ interface that shows the spread of the WannaCry infestation across the globe in compressed real-time.

The tool overlays responses and incident management approaches to provide the Taskforce with a rich report, including on communications about the event.

We expect it will also provide a simulation environment in which we can test and benchmark an improved incident management framework.

Second workshop to look at Cyber Delivery Service Standard

We are in the process of designing our second sprint, and are holding our next workshop in the first week of August. We will be creating a “Cyber Delivery Service Standard” – modelled on a digital services standard – to describe ‘what good looks like’ as a stakeholder within the cyber security ecosystem. This will give us a set of principles from which we can measure whether our systems are being designed to deliver a best-possible outcome.

Meet our Team: Matt W, Scrum Master and Advisor, Cyber Resilience Taskforce

What’s your Background?

My career has led me across a broad spectrum of roles and challenges. Whilst I would say I come from a classical Project Management background, about five years ago I switched to the dark side – Agile Project Management and haven’t looked back. The switch has seen me work in a Digital Agency in London, be a founder of 2 digital startups, and most recently help establish the eSafety Office, taking on the role of its Chief Digital Officer for the past two years.

What will you do in the Taskforce?

We’ve structured the taskforce to follow the agile methodology using the SCRUM approach. As such, my primary role in the taskforce is that of its Scrum Master. I believe in the Lean Startup approach, the fast fail and MVP – minimum viable product!

What is a Scrum Master?

Google Scrum Master and you will get 1,000 differing views. I find the Scrum Alliance definition is best and whilst I won’t go into it here, it is best described as the person who helps the team work within the Scrum approach – I help the team understand and be guided by the Scrum values, practices and rules to ultimately deliver value in the form of successful project outputs.

What else can you share?

Two things… I’m a year into my journey of parenthood and loving it! If you ever want to lose 30 minutes, just ask about my daughter Ella J and secondly, every time I’ve had one of those Myers Briggs tests, I’ve always come out way on my own on the far far FAR end of the extrovert scale. So if we do meet, please be aware – I talk things out and love to verbalize the journey… I think it’s a good thing to know!

Get involved with the Taskforce and have your voice heard!

We welcome views from government and the private sector on how we can best achieve our goal to improve Australia’s capability and response to cyber security and cybercrime threats and incidents. This might be through part time resources, hosting or participating in workshops or through sharing of cyber security incident management tools and strategies. To get involved contact