Simulated cyber attack reveals EU flaws in coordination

Some 55 percent of national information technology agencies would not know who to contact in the event of a European Union cyber attack, according to E.U. cybersecurity agency ENISA.The criticism was in ENISA’s review of the first pan-European simulated cybersecurity exercise. The Cyber Europe 2010 exercise took place on Nov. 4, 2010, and involvd more than 70 experts from the participating public bodies who worked together to counter over 300 simulated hacking attacks aimed at paralyzing the Internet and critical online services across Europe.
http://www.networkworld.com/news/2011/041811-simulated-cyber-attack-reveals-eu.htmlAlso see:EU Agency ENISA issues final report & video clip on ‘Cyber Europe 2010’: the 1st pan- European cyber security exercise [news release]
EU Agency ENISA issues final report and video clip on Cyber Europe 2010: the 1st pan- European cyber security exercise for public bodies. The European Union’s cyber security agency, ENISA has issued the final report on the first Pan-European cyber security exercise for public bodies, ‘Cyber Europe 2010’.The European Union’s cyber security agency, ENISA has issued the final report on the first Pan-European cyber security exercise for public bodies, ‘Cyber Europe 2010’. The report underlines a need for:

  • more cyber security exercises in the future,
  • increased collaboration between the Member States,
  • the importance of the private sector in ensuring security.

Supporting EU-wide cyber security preparedness exercises is an EU priority in its ‘Digital Agenda for Europe’, as to ensure that businesses and citizens are secure online. The Agency also released an online video clip to support the report.’Cyber Europe 2010′ was conducted on the 4th of November 2010. Its objective was to trigger communication and collaboration between countries to respond to large-scale cyber-attacks. Over 70 Experts from the participating public bodies worked together to counter +300 simulated hacking attacks aimed at paralysing the Internet and critical online services across Europe. During the exercise, a simulated loss of Internet connectivity between the countries took place, requiring cross border cooperation to avoid a ( simulated) total network crash.The evaluation of the exercise was conducted at three levels:

  1. National
  2. Pan-European
  3. Overall

Key findings include that:

  • Member States Information Technology bodies communicate in a wide variety of ways. Harmonisation of standard operating procedures would lead to more secure and efficient communication between them.
  • The ability to find the relevant points of contact within organisations varied. In the event of a real crisis, some 55 % of countries were not confident they would be able to quickly identify the right contact, even with the available directories.
  • Participants were evenly divided on whether a ‘Single Point of Contact’ (SPOC) or ‘Multiple Points of Contact’ (MPOC) would be better. A SPOC would be easier, but realistically, today there are multiple points of contact. MPOC also avoids a single point of failure.

The main recommendations include that:

  • Europe should continue to hold exercises in Critical Information Infrastructure Protection (CIIP): 86% of the participants found the ‘dry run’ ‘very’ or ‘extremely’ useful.
  • The private sector should provide value in future exercises by increasing levels of realism
  • ‘Lessons Identified’ should be exchanged with those holding other (national or international) exercises
  • Member States should be well organised internally, for example, by developing and testing national contingency plans and exercises:

European countries are organised nationally in a variety of ways. Given the differences in structures and process, it is vital to know whom to contact. The dialogue on the necessity of Single Point of Contact or Multiple Points of Contact at the EU level should continue, and ENISA can be the facilitator of this.

  • A roadmap for pan-EU exercises should be created. This would include a definition of standard procedures and structures for large scale events.

“The Cyber Europe report identifies how we can make our online economic and social activity more secure. ENISA is dedicated to supporting European exercises, processes and plans to protect the Information Communications Technology infrastructure on which we are all increasingly dependent, ” says Prof. Udo Helmbrecht, Executive Director of ENISA.
www.enisa.europa.eu/media/press-releases/eu-agency-enisa-issues-final-report-video-clip-on-cybereurope-2010-the-1st-pan-european-cyber-security-exercise-for-public-bodies

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.