EU and banks stage DDoS cyber-attack exercise

The European Union is hosting what it describes as its biggest cybersecurity exercise.Governments, businesses and ISPs (internet service providers) are being faced with 1,200 separate incidents during a simulated DDoS (distributed denial of service) attack.A similar event was staged in 2010, but this is the first time that the bloc’s banks have been involved.The results will be used to find ways to improve co-operation.However, one computer security expert warned that the effort would be of only limited use when it came to protecting organisations against real-world attacks. see:Europe joins forces in Cyber Europe 2012 [news release]
Today, more than 300 cyber security professionals across Europe join forces to counter a massive simulated cyber-attack in the 2nd pan-European Cyber Exercise, Cyber Europe 2012.The exercise builds on and ties together extensive activities at both the national and European level to improve the resilience of critical information infrastructures. As such, Cyber Europe 2012 is a major milestone in the efforts to strengthen cyber crisis cooperation, preparedness and response across Europe.Cyber Europe 2012 is a distributed table-top exercise organised by the Member States of the European Union and the European Free Trade Association (EFTA) countries. It is facilitated by the European Network and Information Security Agency (ENISA) and supported by the European Commission’s in-house science service, the Joint Research Centre (JRC). Compared to the 2010 exercise, Cyber Europe 2012 has grown considerably in scope, scale and complexity.Cyber Europe 2012 has three objectives:

  • Test effectiveness and scalability of existing mechanisms, procedures and information flow for public authorities’ cooperation in Europe;
  • Explore the cooperation between public and private stakeholders in Europe;
  • Identify gaps and challenges on how large scale cyber incidents could be handled more effectively in Europe.

Four countries are observing the exercise and 25 countries are actively participating. Using the lessons learned from Cyber Europe 2010, the private sector (from finance, ISPs and eGovernment) is taking part for the first time. In the exercise, public and private participants across Europe will take action at the national level. At the same time, public participants will cooperate across borders.The scenario for Cyber Europe 2012 combines several technically realistic threats into one simultaneously escalating Distributed Denial of Service (DDoS) attack on online services in all participating countries. This kind of scenario would disrupt services for millions of citizens across Europe.The complexity of the scenario allows for the creation of enough cyber incidents to challenge the several hundred public and private sector participants from throughout Europe, while at the same time triggering cooperation. By the end of the exercise, the participants will have had to handle more than 1000 injects (simulated cyber incidents).The Executive Director of ENISA, Prof. Udo Helmbrecht, comments:”ENISA aims to support the cyber crisis community in improving the resilience of critical information infrastructures. That is why we facilitated the organisation of Cyber Europe 2012.”BackgroundThe European Commission’s communication from 2009 on CIIP paved the way for the first pan-European Cyber Exercise. In the Digital Agenda,[1] ENISA was given the role of supporting EU and EFTA Member States in organising and running national exercises.[2]In 2009, ENISA published a ‘Good Practice Guide on National Exercises’ and the Agency has since then held many workshops across Europe to assist in the planning of national exercises. The Agency will soon publish a guide to national contingency planning.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.