EU cyber wargames already under fire

A European-wide cyber warfare exercise carried out last week has received a mixed response from those in the industry.

EU cyber security plans welcomed, with insistence that objectives must be achieved
EU cyber security plans welcomed, with insistence that objectives must be achieved

The Cyber Europe 2014 exercise was organised by the Crete-based European Union Agency for Network and Information Security (ENISA) and was carried out by 200 organisations and some 400 cyber security professionals from in and around the EU last week. 

Representatives came from 29 EU member states - and those in the EU Free Trade Space, and the war games reportedly consisted of 16 ‘technical' exercises said to be “similar to recent real life cases”. 

ENISA officials said that the event was designed to simulate unrest and political crisis at a pan-European level, and to test cyber security response across public and private sectors. A spokesman for the group told SCMagazineUK.com that the objective of this first phase was to “analyse how the events escalate and de-esclate, to understand these processes at all technical, operational, and strategic levels, as well as to understand the related public affairs issues linked to cyber threats.”

“All these issues were properly tested, as in a 'cyber stress test'," said ENISA via email.

The exercise, which is due to be followed up by ‘operational/tactical' and ‘strategic/political' events from ENISA later in the year - has, however, come in for stinging criticism.

"The main concern is national governments' reluctance to co-operate," Professor Bart Preneel, an information security expert from the Catholic University of Leuven, in Belgium, told AFP prior to the war games taking place.

"You can carry out all of the exercises you want, but cyber security really comes down to your ability to monitor, and for that, national agencies need to speak to each other all the time," Preneel added.

Another expert, who wished to remain anonymous, further added that the war games may have done little more than act as a communication exercise.

“Cross-border crises are hard to conceive especially if they are multi-sector, because different sectors will have different vulnerabilities,” said the source. 

“Different countries will have different response models so trying to dovetail hundreds of different players is a huge challenge considering that you want them to do even one thing in sync or correctly. These war games are never designed to test whether they all have defences that are up to the job of combating the latest malware, only the older recognised malware, so the objectives of this stage will be coordination and communication; and a catch up exercise to get everyone on the same page before the next phase.  

The source added that the war game would only have the optimum effect if it prepared companies for the 'unexpected'. 

“This year's war game is a step up from previous years with more technical demands of the participants than previously. This is a valuable exercise if they are looking at as many as 16 different types of case studies, but any real attack will have surprises that they did not expect, and the key question of any war game is how did it prepare them for the ‘unexpected'. 

In an email exchange with SCMagazineUK.com, ENISA spokesman Ulf Bergström defended the programme, while stressing the need for strong inter-state collaboration on the latest threats.

“We do not recognise such claims,” he said of the criticisms. “This was not the first time Cyber Europe was organised, rather the third time; 2010, 2012 and now 2014. Increasingly its scope, maturity and importance has grown for all participating member states and organisations, and also gained trust in the set up,” he told SCMagazineUK.com.

He added: “This exercise has demonstrated that strong cross-border cooperation is necessary for the EU member states, and the public and private sector.

“This kind of cooperation between the EU and EFTA countries is crucial for the strengthening of cross border, transnational cyber-incident management. The importance of this exercise  is to learn whom to contact, to build trust in between the actors in Europe. This enables us build trust, to exchange best practices, procedures, cyber exercises, lessons learned, and expertise which are all paramount for ensuring a stronger community that is able to tackle transnational cyber-crises.

“We have all come out of  the first part of this exercise very much strengthened, with the biannual event involving the energy and telecoms sector this time .”

Crucially, though, he added that as ENISA has no power over governing bodies, it can only recommended changes.

Collaboration in the cyber-crime space has been a hot topic of late, with EC3 head Troels Oerting saying last week – ahead of the EU Cybercrime Coalition (announced yesterday) – that it's the only way of beating cyber criminals.

“On 5 May we will see the launch of the EU Cybercrime Coalition, which will bring together more than 20 banks in the region to share information with each other and with us,” he said.

“{We] need to understand that [cyber crime] is a combined task, not just for police and law enforcement but for society too,” he told attendees at the time.

In related news, officials from the Japanese government are to meet with the European Union to discuss the possibility of joined-up cyber security efforts, in light of mounting attacks emanating from China, Russia, North Korea, Iran and some organised cyber criminal groups. Japan has already held meetings with the United States and the UK.

Sign up to our newsletters