Computerworld

Federal Government builds secret database to fight cyber-terrorism

Banks, utilities cough up sensitive data for national security as part of Critical Infrastructure Protection Modeling and Assessment (CIPMA) program
The Federal Government has received sensitive data from utilities, banks and other organisations for the Critical Infrastructure Protection Modeling and Assessment (CIPMA) program. Pictured: The Cyber Security Operations Centre (CSOC) opened in January

Australia's biggest banks, telcos, and utilities have handed sensitive data to government for the protection of critical infrastructure (CI) against terrorism and natural disasters.

The rare move, which began in 2009, makes the country one of a few in the world with a centralised national critical infrastructure protection model.

The Critical Infrastructure Protection Modeling and Assessment (CIPMA) program was launched in 2007 and received a $23.4 million funding boost to 2012 in last year's budget.

It is spearheaded by the Federal Attorney-General, which received a $15.2 million share, and its research department Geoscience Australia, which scored $800,000.

The CIPMA program is also an initiative of the Trusted Information Sharing Network, formed to examine the relationships and dependencies between CI systems and how failures in one sector affect operations in other sectors.

A spokesperson from the Attorney-General’s Department, responding to Computerworld questions, said the program is on time and on budget, and owes its success to the industry’s willingness to trust the government with highly sensitive data.

“Identifying, tracking the cascading effects of [CI] and quantifying these consequences is a key rationale for establishing the CIPMA program,” the spokesperson said.

“Direct relationships with industry means that there is a high level of trust to enable the provision of accurate data for modelling and analysis.”

The department would not elaborate on what scenarios are being tested or what organisations are participating, but said all scenarios use factual data and produce realistic results, something few countries have the ability to do.

Participants with approval can use the data to defend Australia in the annual international wargame Cyberstorm, which pits countries including the US, UK and New Zealand against each other in mock online attacks on CI.

They can also use the models to cut internal costs by examining supply chain data and manufacturing processes.

About 4Tb of CI data will be stored in central databases, eliminating the need to retrieve information from knowledge experts who may be unreachable in a disaster.

System Dynamic Models are used to examine stock and flow data in CI such as network connectivity and the energy output of generators, to create an amalgamated output to be fed into a People, Building and Infrastructure profile. Data is then broken down into demographic, economic and business profiles, and statistical divisions to create unique disruption footprints.

An ASIO T4-approved security system protects stored data, which includes highly secretive industry information entrusted to CIPMA.

The Attorney-General’s Department is establishing a panel of additional technical providers for the 2010 service delivery phase, following an expression of interest process. Work will be guided by the results of a pending interim review.

The CIPMA program is one of many actions that have been taken by authorities in recent times to counter the growing number of threats from cyber space, including those undertaken this week by a group calling itself ‘Anonymous’, which launched a denial of service (DoS) attack on two government websites to protest the Federal Government’s plans to introduce mandatory ISP-level Internet content filtering.

The attack, named “Operation Titstorm”, hit the Australian Parliament House and the Department of Broadband, Communications and the Digital Economy (DBCDE) websites.

In January, the Federal Government moved to step up its cyber warfare defence capabilities with the opening of the Cyber Security Operations Centre (CSOC), announced as part of the Defence White Paper released last year.

The centre, housed inside the Defence Signals Directorate (DSD) headquarters in Canberra, will provide critical understanding of the threat from sophisticated cyber attacks, according to the Minister for Defence, Senator John Faulkner.

In November 2009, Computerworld revealed the CSOC had already reached some operational capability, but an acute lack of information on the offensive capabilities being developed remains, with the government and Defence department refusing to divulge details.

There is also little clarity around its governance or oversight mechanisms, a circumstance that sparked calls from academics and information security analysts for greater public debate and disclosure.

Also in early November, the Australian Security Intelligence Organisation (ASIO) confirmed that Internet-based attacks have been used by hostile intelligence services to gain confidential Australian Government and business information. That same month the Government created a new national computer emergency response team, CERT Australia.