We've had to wait ten months, but Australia's Attorney-General Robert McLelland has finally released the public report on Cyber Storm III, the five-nation security exercise held 27 to 30 September 2010 and the largest of its kind. Why did he bother?
The four-page document contains almost no concrete detail. One page is the cover, another a table of contents listing just three sections. The remaining two pages contain those three sections. Fewer than 1000 words.
"The exercise provided insight into key decision making processes within government, business and industry. These insights could not have been achieved without processes being tested in an exercise," the report reveals. Gaps were identified. Improvements made. Relationships built.
There is no indication as to what the insights, gaps or improvements might be.
Cyber Storm III was sponsored by US Department of Homeland Security and involved the usual-suspect Anglosphere nations: US, UK, Australia, Canada and New Zealand. Japan and nine European nations also participated as members of the International Watch and Warning Network.
In Australia around 50 organisations took part. Apart from the obvious government, military and law enforcement players, they included Telstra, the Australian Stock Exchange, Woolworths, ANZ and the domain name authority auDA.
The exercise was entirely simulated. No live systems were involved.
"Australia should continue to plan and undertake regular cyber exercises as part of a broader national and international engagement program that practices and evaluates performances across tactical, operational and strategic levels," the report said.
Or in fewer words, "Practice makes perfect."