Europe simulates total cyber war
Posted in: Legal, Privacy & Security at 05/11/2010 15:28
Essential web services have come under simulated attack as European nations test their cyber defences.
The first-ever cross-European simulation of an all out cyber attack was planned to test how well nations cope as the attacks slow connections.
The simulation steadily reduced access to critical services to gauge how nations react.
The exercise also tested how nations work together to avoid a complete shut-down of international links.
Europe tests cyber defences against hackers [AFP]
European computer guards battled Thursday against a simulated attempt by hackers to bring down critical Internet services in the first pan-continental test of cyber defences.
All 27 of the European Union's member nations as well as Iceland, Norway and Switzerland took part in the simulation as participants or observers, working together against the fictitious online assault, the European Commission said.
Digital Agenda: cyber-security experts test defences in first pan-European simulation [news release]
Europe's cyber security experts are testing their responses today in the first ever pan-European cyber-attack simulation exercise. In "Cyber Europe 2010", experts will try to counter simulated attempts by hackers to paralyse critical online services in several EU Member States. The simulation will be based on a scenario where internet connectivity between European countries would be gradually lost or significantly reduced in all participating countries so that citizens, businesses and public institutions would find it difficult to access essential online services. In the exercise, Member States will need to cooperate with each other to avoid a simulated total network crash.
The event is organised by EU Member States with support from the European Network Security Agency (ENISA) and the Joint Research Centre (JRC). Today's exercise is due to be followed by more complex scenarios ultimately going from European to global level. Supporting EU-wide cyber-security preparedness exercises is one of the actions foreseen by the Digital Agenda for Europe (see IP/10/581, MEMO/10/199 and MEMO/10/200) to enhance online trust and security.
Neelie Kroes, Vice President of the European Commission for the Digital Agenda, who is visiting the UK's cyber-attack centre during the simulation exercise, said "This exercise to test Europe's preparedness against cyber threats is an important first step towards working together to combat potential online threats to essential infrastructure and ensuring citizens and businesses feel safe and secure online."
As part of today's "Cyber Europe 2010", experts across Europe will test their responses to a simulated attack from hackers on critical online services. The scenario for the exercise is that Internet connections between European countries are gradually lost or significantly reduced and, at its worst, effectively all major cross-country connections in Europe will be out of use.
In the simulation, citizens, businesses and public institutions would have difficulties to access critical online services (such as eGovernment), unless the traffic from affected interconnections were rerouted. The exercise will be based on a scenario as if, throughout the day, one country after the other increasingly suffered from access problems. All participating Member States will have to co-operate to mount a joint response to the fictitious crisis.
This cyber security exercise aims to enhance Member States' understanding of how cyber incidents are handled and test communication links and procedures in case of a real large-scale cyber incident. The exercise will test the appropriateness of contact points in the participating countries, the communication channels, the type of data exchanges over these channels and the understanding that Member States have of the role and mandate of their counterparts in other Member States.
The cyber security exercise has been organised by the EU's Member States in coordination with the European Network Security Agency (ENISA), and with the support of the European Commission's Joint Research Centre. All EU Member States as well as Iceland, Norway and Switzerland will participate either as active participants or observers. Depending on the country, various Member States' public authorities are involved, such as Communications Ministries, critical information infrastructure protection authorities, crisis management organisations, national computer security incident response teams (CSIRTs), national information security authorities and security intelligence organisations.
ENISA was created in 2004. On 30 September 2010 the Commission proposed to strengthen and modernise ENISA with a view to helping the EU, Member States and private stakeholders to develop their capabilities and preparedness to prevent, detect and respond to cyber-security challenges (see IP/10/1239, MEMO/10/459).
Also on 30 September 2010, the Commission proposed a Directive which would allow the perpetrators of cyber attacks and the producers of related and malicious software to be prosecuted and face heavier criminal sanctions. Member States would be also obliged to quickly respond to urgent requests for help in the case of cyber-attacks, rendering European justice and police cooperation in this area more effective (see MEMO/10/463).
Europe Plays War Games... Online
Don't panic: Digital security experts across Europe "successfully" countered online attacks designed to paralyze services and create a total network failure. Or at least they did a good job of pretending to -- as part of yesterday's first-ever pan-European cyber attack simulation exercise.
"This was a first key step for strengthening Europe's cyber protection," Dr. Udo Helmbrecht, director of European Network Security Agency (ENISA), said Friday in a statement. "Each mistake and error made were useful 'lessons-learnt'; that is what exercises are for." Obviously, due to the top-secret nature of the project, no details were forthcoming about what the mistakes were.
First EU Cyber Security Exercise 'Cyber Europe 2010' with >320 'incidents' successfully concluded
The first ever, pan-European cyber security exercise "Cyber Europe 2010" ended successfully yesterday. More than 150 experts from 70 public bodies around Europe participated in the exercise. They were exposed to more than 320 incidents, or 'injects'. The exercise was a first, key step for strengthening Europe's cyber defense. The key challenge now is for the Member States to implement the identified 'lessons-learnt' during the exercise. The Agency also advocates that all Member States in Europe should consider conducting national exercises as to improve its Critical Information Infrastructure Protection (CIIP).
CYBER EUROPE 2010 Exercise has started
On 4th November, the first ever, pan European cyber security exercise 'CYBER EUROPE 2010' occurred. See the Commission Press release on this, giving the full political framework.