Three hundred IT security professionals from across Europe are locking horns in a simulated cyber war exercise taking place today which — if it were a real attack — would be capable of disrupting services for millions of Europeans. The exercise, known as Cyber Europe 2012, is being run by ENISA: the European Network and Information Security Agency, and is part of ongoing efforts to bolster cyber crisis cooperation, preparedness and response across Europe. This is first Cyber Europe event to include participants from the private sector — specifically the finance sector, ISPs and eGovernment — not just the public sector.
“ENISA aims to support the cyber crisis community in improving the resilience of critical information infrastructures,” notes Prof. Udo Helmbrecht, Executive Director of ENISA, in a statement.
The exercise has three main aims:
- Test effectiveness and scalability of existing mechanisms, procedures and information flow for public authorities’ cooperation in Europe;
- Explore the cooperation between public and private stakeholders in Europe;
- Identify gaps and challenges on how large scale cyber incidents could be handled more effectively in Europe.
The first Cyber Europe event took place in 2010 but this event is larger and more complex — with 300 security professionals (rather than the 70+ who took part in 2010) and enough “cyber incidents” being triggered to challenge the participants (more than 1000 injects by the end of the exercise vs 300+ in the 2010 exercise). The event will also look to test the scope for cooperation between the different countries and sectors participating.
In ENISA’s final report on the 2010 cyber security exercise it recommended
- more cyber security exercises in the future,
- increased collaboration between the Member States,
- the importance of the private sector in ensuring security.
The 2012 attack scenario involves combining multiple “technically realistic threats” into one simultaneously escalating Distributed Denial of Service attack on online services in all participating countries — 25 countries are actively participating, while four countries have observers attending the event.
The European Commission’s communication from 2009 on Critical Information Infrastructure Protection helped established the first pan-European Cyber Exercise.