The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, today kicked off a cyber security exercise across Europe designed to help Nations be prepared to deal with cyber attacks.
During the exercise, more than 300 cyber security professionals in 25 countries across Europe will test their skills and ability to work together, in order to defend against a massive simulated cyber-attack.
Dubbed “Cyber Europe 2012”, the pan-European cyber exercise “builds on and ties together extensive activities at both the national and European level to improve the resilience of critical information infrastructures.”
“Cyber Europe 2012 is a distributed table-top exercise organized by the Member States of the European Union and the European Free Trade Association (EFTA) countries,” ENISA explained in a statement.
Cyber Europe 2012 will include several “technically realistic threats” into a single escalating Distributed Denial of Service (DDoS) attack on online services in all participating countries simultaneously.
“This kind of scenario would disrupt services for millions of citizens across Europe,” ENISA said. This complex “attack”, ENISA explains, will create enough cyber incidents to challenge the cyber defenders throughout Europe, while at the same time forcing cooperation.
ENISA said that when the exercise is completed, the participants will have managed more than 1000 simulated cyber incidents.
According to ENISA, Cyber Europe 2012 has three objectives:
1. Test effectiveness and scalability of existing mechanisms, procedures and information flow for public authorities’ cooperation in Europe;
2. Explore the cooperation between public and private stakeholders in Europe;
3. Identify gaps and challenges on how large scale cyber incidents could be handled more effectively in Europe.
In addition to government agencies, this is the first time the private sector is taking part in the exercise, with organizations from the financial sector, ISPs and eGovernment.
The decision to include the private sector came after analyzing the results of the Cyber Europe 2010 exercise, and at the time, unanimously agreeing that in order to achieve more realistic exercises, the private sector must be involved in future, giving the exercises a broader scope and being more realistic.
During the 2010 Cyber Europe exercise, ENISA said there were a few minor technical and communication problems. For example, some injects were delayed or slowed, along with some minor difficulties with the use of government emails in combination with VPNs. Additionally, the agency noted that communication between those involved didn’t always work well due to language barriers.
It will be interesting to see the results, and (hopefully) progress that has been made both in terms of technical ability to combat cyber attacks, and communications and cooperation between the Nations.
“Pan-European cyber exercises are a powerful mechanism to test the effectiveness and scalability of existing mechanisms, procedures and information flow between Member States and private sector in case of large scale cyber incidents,” said Evangelos Ouzounis, ENISA’s Head of Resilience and CIIP Unit.
Cyber Europe 2012 is facilitated by ENISA and supported by the European Commission's in-house science service, the Joint Research Centre (JRC).