Final report: Pan-European cyber security exercise
Posted on 18 April 2011.
The EU's cyber security agency, ENISA, has issued its final report on the first Pan-European cyber security exercise for public bodies, Cyber Europe 2010.

The report underlines the need for more cyber security exercises in the future, increased collaboration between the Member States and the importance of the private sector in ensuring IT security.

Supporting EU-wide exercises concerning cyber-security preparedness is a priority for the EU within its "Digital Agenda for Europe", in order to ensure that businesses and citizens are secure when they are online.

The exercise was conducted on the 4th of November, 2010. Its objective was to trigger communication and collaboration between countries in the event of large-scale cyber-attacks. Over 70 experts from the participating public bodies worked together to counter over 300 simulated hacking attacks aimed at paralysing the Internet and critical online services across Europe. During the exercise, a simulated loss of Internet connectivity between the countries took place, requiring cross-border cooperation to avoid a (simulated) total network crash.

Key findings

Member States’ Information Technology bodies communicate in a wide variety of ways. Harmonisation of standard operating procedures would lead to more secure and efficient communications between them.

The ability of participants to find the relevant points of contact within organisations varied. In the event of a real crisis, some 55 % of countries were not confident they would be able to quickly identify the right contact, even with the available directories.

Participants were evenly divided about if a ‘Single Point of Contact’ (SPOC) or ‘Multiple Points of Contact’ (MPOC) would be better. A SPOC would be easier, however, realistically today there are multiple points of contact. Having MPOC also avoids there being a single point of failure.

The report’s main recommendations include that:
  • Europe should continue to hold exercises in Critical Information Infrastructure Protection (CIIP): 86% of the participants found the ‘dry run’ either ‘very’ or ‘extremely’ useful.
  • The private sector can contribute value to future exercises by increasing levels of realism.
  • The ‘Lessons Identified’ should be exchanged with those holding other (national or international) exercises.
  • Member States should be well organised internally by, for example, developing and testing national contingency plans and exercises. European countries are organised nationally in a variety of ways. Given the differences in structures and process, it is vital to know whom to contact. The dialogue on the necessity of a SPOC or MPOC at the EU level should continue, and ENISA can be the facilitator of this.
  • A roadmap for pan-EU exercises should be created. This would include a definition of standard procedures and structures for large scale events.
“The Cyber Europe report identifies how we can make our online economic and social activities more secure. ENISA is dedicated to supporting European exercises, processes and plans to protect the Information Communications Technology infrastructure, on which we are all increasingly dependent,” says Prof. Udo Helmbrecht, Executive Director of ENISA.

The full report is available here.





Spotlight

The synergy of hackers and tools at the Black Hat Arsenal

Posted on 27 August 2014.  |  Tucked away from the glamour of the vendor booths and the large presentation rooms filled with rockstar sessions, was the Arsenal - a place where developers were able to present their security tools and grow their community.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Wed, Aug 27th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //