A Cyber Storm report was released following the exercise in February last year which identified eight specific areas in need of improvement.

These included better inter-agency coordination, the formation of a training and exercise program, increased coordination between those involved in cyber incidents, the development of a common framework for response and information access, as well as the development of a strategic communications and public relations plan.

Security experts said the first Cyber Storm event last year improved participants' understanding of who to call in the event of an attack, but did not identify specific vulnerabilities in the nation's computer systems.

"What they're trying to do is highlight the inefficiencies in the process," according to Marcus Sachs, deputy director with research group SRI International's Computer Science Laboratory. "They're not really looking for technical solutions."

Edith Cowan University IBM professor of Computer and Information Security, Bill Hutchinson, said Cyber Storm is shaped by vendor involvement which is "fixed and rigid".

"It will be full of companies and government departments and the limitation of such an exercise would be that it would be close-minded," Hutchinson said.

"Product and government people have to have a world view, but in an integrated situation you need creative input - say for instance if a hardware person was trained by one particular vendor then they will only know how one product works: they have had a system of training that is rigid and fixed, but you need someone creative to cope with savage exploits, or else they will only use products they know how to fix."

A Cyber Storm summary report by the Information Systems Security Association (ISSA) is available here.