The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, today released its final report on the first Pan-European cyber security exercise, “Cyber Europe 2010”. The exercise was conducted back in November 2010 as a way to trigger communication and collaboration between countries and as a step for strengthening Europe’s cyber defenses in the event of large-scale cyber-attacks.
Throughout the exercise, over 70 cyber defense experts from various public bodies worked together to defend against over 300 simulated cyber attacks aimed at paralyzing the Internet and critical online services across Europe. Included in the exercise was a simulated loss of Internet connectivity between the countries that required cross-border cooperation to avoid a (simulated) total network crash.
ENISA noted that during the exercise, there were a few minor technical and communication problems. For example, some injects were delayed or slowed, along with some minor difficulties with the use of government emails in combination with VPNs. The agency suggested that in the future, dedicated exercise hardware, as well as adherence to strict requirements that would be communicated beforehand, could help in eliminating the technical issues. Additionally, the agency noted that communication between those involved didn’t always work well due to language barriers. However, one of the objectives of the exercise was to identify the level of the communication capability between responders.
Evaluation of the exercise was conducted at three levels: National, Pan-European, and Overall.
According to the report’s key findings:
• Member States’ Information Technology bodies communicate in a wide variety of ways. Harmonization of standard operating procedures would lead to more secure and efficient communications between them.
• The ability of participants to find the relevant points of contact within organizations varied. In the event of a real crisis, some 55% of countries were not confident they would be able to quickly identify the right contact, even with the available directories.
• Participants were evenly divided on whether a ‘Single Point of Contact’ (SPOC) or ‘Multiple Points of Contact’ (MPOC) would be better. A SPOC would be easier; however, realistically today there are multiple points of contact. Having MPOC also avoids there being a single point of failure.
The report’s main recommendations include that:
• Europe should continue to hold exercises in Critical Information Infrastructure Protection (CIIP): 86% of the participants found the ‘dry run’ either ‘very’ or ‘extremely’ useful.
• The ‘Lessons Identified’ should be exchanged with those holding other (national or international) exercises.
• Member States should be well organized internally by, for example, developing and testing national contingency plans and exercises. European countries are organized nationally in a variety of ways. Given the differences in structures and process, it is vital to know whom to contact. The dialogue on the necessity of a SPOC or MPOC at the EU level should continue, and ENISA can be the facilitator of this.
• A roadmap for pan-EU exercises should be created. This would include a definition of standard procedures and structures for large-scale events.
The exercise didn’t attempt to simulate the actions of the private sector, nor did it attempt to engage participants in acting as the private sector. ENISA did note, however, that after the exercise it was almost unanimously agreed that, to achieve more realistic exercises, the private sector must be involved in the future, giving the exercises a broader scope and enabling the testing of measures beyond cross-country communication.
The full report can be downloaded here. (47-page PDF)