Security Experts:

European Cyber Warriors Battle Massive (Simulated) Cyber Attack

The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, today kicked off a cyber security exercise across Europe designed to help Nations be prepared to deal with cyber attacks.

During the exercise, more than 300 cyber security professionals in 25 countries across Europe will test their skills and ability to work together, in order to defend against a massive simulated cyber-attack.

Cyber Europe 2012Dubbed “Cyber Europe 2012”, the pan-European cyber exercise “builds on and ties together extensive activities at both the national and European level to improve the resilience of critical information infrastructures.”

“Cyber Europe 2012 is a distributed table-top exercise organized by the Member States of the European Union and the European Free Trade Association (EFTA) countries,” ENISA explained in a statement.

Cyber Europe 2012 will include several “technically realistic threats” into a single escalating Distributed Denial of Service (DDoS) attack on online services in all participating countries simultaneously.

“This kind of scenario would disrupt services for millions of citizens across Europe,” ENISA said. This complex “attack”, ENISA explains, will create enough cyber incidents to challenge the cyber defenders throughout Europe, while at the same time forcing cooperation.

ENISA said that when the exercise is completed, the participants will have managed more than 1000 simulated cyber incidents.

Cyber Europe 2012 According to ENISA, Cyber Europe 2012 has three objectives:

1. Test effectiveness and scalability of existing mechanisms, procedures and information flow for public authorities’ cooperation in Europe;

2. Explore the cooperation between public and private stakeholders in Europe;

3. Identify gaps and challenges on how large scale cyber incidents could be handled more effectively in Europe.

In addition to government agencies, this is the first time the private sector is taking part in the exercise, with organizations from the financial sector, ISPs and eGovernment.

The decision to include the private sector came after analyzing the results of the Cyber Europe 2010 exercise, and at the time, unanimously agreeing that in order to achieve more realistic exercises, the private sector must be involved in future, giving the exercises a broader scope and being more realistic.

During the 2010 Cyber Europe exercise, ENISA said there were a few minor technical and communication problems. For example, some injects were delayed or slowed, along with some minor difficulties with the use of government emails in combination with VPNs. Additionally, the agency noted that communication between those involved didn’t always work well due to language barriers.

It will be interesting to see the results, and (hopefully) progress that has been made both in terms of technical ability to combat cyber attacks, and communications and cooperation between the Nations.

“Pan-European cyber exercises are a powerful mechanism to test the effectiveness and scalability of existing mechanisms, procedures and information flow between Member States and private sector in case of large scale cyber incidents,” said Evangelos Ouzounis, ENISA’s Head of Resilience and CIIP Unit.

Cyber Europe 2012 is facilitated by ENISA and supported by the European Commission's in-house science service, the Joint Research Centre (JRC).

view counter
For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.