The first ever, pan-European cyber security exercise “Cyber Europe 2010” ended successfully yesterday. More than 150 experts from 70 public bodies around Europe participated in the exercise. They were exposed to more than 320 incidents, or ‘injects’. The exercise was a first, key step for strengthening Europe’s cyber defense. The key challenge now is for the Member States to implement the identified ‘lessons-learnt’ during the exercise. The Agency also advocates that all Member States in Europe should consider conducting national exercises as to improve its Critical Information Infrastructure Protection (CIIP).
The exercise revealed a number of points where improvement in communication channels and procedures could be made. The Executive Director of ENISA, Dr Udo Helmbrecht commented, ‘This was a first key step for strengthening Europe’s cyber protection. Each mistake and error made were useful ‘lessons-learnt’; that is what exercises are for. Now, the challenge is for the Member States to analyse and properly implement these findings, of how to improve the communication channels and procedures. Both internally within a Member State, and in between Member States, across Europe, as to strengthen our common cooperation’.
The objectives of the exercise were:
– To establish trust in between actors within the Member State, and between the Member States (MS)
– To increase understanding of how management of incidents is done in different MS across Europe.
– To test the communication channels, communication points and procedures in the MS/between MS.
– To highlight interdependencies between MS across Europe.
– To increase mutual support procedures during incidents or massive cyber attacks
Participating were 22 Member States as players and 8 Member States as observers. In all, ca 50 persons were present in the Exercise Control Centre, situated in Athens, being exposed to more than 320 security so called ‘injects’ related to the availability of internet and corresponding critical online services. Across Europe in the participating Member States, 80 more persons were acting upon the instructions of the national moderators in Athens. The nationally based players may have contacted further others in their Member States. Typical profiles of players were Computer Emergency Response Teams, Ministries, National Regulatory Authorities, etc.
On 10th November, the Agency will make an official media briefing in Berlin, at the Commission Representation, providing more information and draft conclusions about the outcome of the exercise. The exercise will be evaluated in depth. There will also be evaluations made at national levels. These will later be fed into an accumulated public, EU-wide report of the exercise. The full report is anticipated to be published in the beginning of next year, i.e. early 2011.
Further links and reading:
Link to exercise FAQs (full details re scope, objectives, background etc).
Link to Commission press release of 4th Nov. (in 23 languages).
Communication on Critical Information Infrastructure Protection (CIIP) COM(2009)
The ‘Digital Agenda’ of Commissioner Kroes.