Hacking groups — including public servants — join forces to attack city’s critical infrastructure

By Stephen Easton

Thursday September 5, 2019

Getty Images

A coalition of hacking groups, including some federal public servants, is causing havoc for a small city this week with wave after wave of cyberattacks against critical infrastructure.

The bad guys are using “sophisticated cyber warfare tactics” in an attempt to “wipe out” a place called Shell Cove, according to Minister for Government Services Stuart Robert.

They are doing so at the invitation of the Department of Human Services in its third annual cyber war games, dubbed Operation Tsunami 2019, which runs until Friday.

This Shell Cove is not the suburb on the New South Wales coast but an elaborate Lego model. It is the centrepiece of the department’s “cyber range” in Canberra and represents a dummy target for information security professionals to attack, as a way to hone their skills in cyber-defence.

The first war games were held in 2017, when four big federal departments competed to attack or defend the city and its plastic inhabitants. Since then the event has evolved somewhat and so has the model — its first iteration was repurposed from similar games run for high school students as a way to promote information security careers.

“Today, our participants are the red team,” Robert said, opening this year’s event on Wednesday morning.

“You are the bad guys. The city is represented in a stand-alone IT system developed by my department. The event plays out online but will be replicated on a physical model built over the last three years of these games. That model now contains more than 100,000 pieces of Lego, which I think is uber cool.”

The model city allows players and adjudicators to see the impact of cyber attacks on critical infrastructure as they happen. The minister said this was “a game with deadly and serious intent and consequences” that allowed the teams to “get into the minds of attackers operating out there in the real world” so they could anticipate threats, as well as a way to build skills and relationships in the information security field.

He told players these were “world-class and cutting-edge” war games, comparing them to those run by NATO, the European Union and the US Department of Homeland Security.

“Participants will get real-time, valuable experience in identifying and responding to national security level threats. However, the qualities you’ll demonstrate this week are not simply technical.

“You’ll have to demonstrate enhanced planning, coordination, communication, anticipation. You’ll need to be adaptive and crucially, deeper relations across the cybersecurity community will have to be built because a tighter cohort of cybersecurity professionals is a sure defence against those who would seek to do us harm.”

This year DHS is hosting staff from 13 other organisations in the public and private sectors, including several in the energy sector and the operators of two major mobile networks.

No company or government department will leave the war games with a bruised reputation, as their staff are arranged into five mixed teams of seven. Each tries to wreak destruction upon the city, which is defended by DHS, and one will be chosen as the winner by a panel of 15 adjudicators.

Although one massive insurance group sent staff along to participate, and another helped with the judging, the minister said he would have liked to see security staff or executives from all the banks in attendance.

Participating organisations:

  • Department of Human Services
  • Department of Home Affairs
  • Department of Defence
  • Australian Criminal Intelligence Commission
  • Australian Energy Market Operator
  • AusGrid
  • Energy Australia
  • Energy Queensland
  • Transgrid
  • AGL Energy
  • Woodside
  • Vodafone
  • Optus
  • Insurance Australia Group


  • Michelle Price, AustCyber
  • James Turner, CISO Lens
  • Mary Kelaher, Energy Queensland
  • Berin Lautenbach, Telstra
  • Ad Wolst, Energy Australia
  • Jamie Norton, Australian Taxation Office
  • Sean Hugo, Department of Home Affairs
  • Garry Bentlin, Transgrid
  • Daniel Grzelak, Atlassian
  • Anthony Chapman, Finance NSW
  • Bill Yeack, cybersecurity executive
  • Kristin Lyons, Australia Post
  • Andy Chauhan, AusGrid
  • Fred Thiele, Transport for NSW
  • Mackenzie Muir, QBE Insurance Group

About the author
Inline Feedbacks
View all comments
The Mandarin Premium

Insights & analysis that matter to you

Subscribe for only $5 a week

Get Premium Today