The European Network and Information Security Agency (ENISA) organised a simulated distributed denial-of-service (DDoS) attack yesterday afternoon involving more than 300 European cyber security professionals.
As part of the Cyber Europe 2012 exercise, organised by the Member States of the European Union and the European Free Trade Association (EFTA) countries, the attack was designed to stress test capabilities and identify gaps and challenges on how large-scale cyber incidents could be handled more effectively in Europe.
It was also designed to test the effectiveness and scalability of existing mechanisms, procedures and information flow for public authorities' cooperation in Europe and explore the cooperation between public and private stakeholders in Europe.
The exercise was observed by four countries and 25 countries actively participated in the simulated ‘attack' on online services in all participating countries.
Paul Lawrence, VP of international operations at Corero Network Security, told SC Magazine that he did not yet have data or reports from Thursday afternoon's experiment, but said it was a chance to see "where the holes were".
He said: “This was a collective effort with members of the organisations working with a friendly botnet to strike the services of members and point them in the right direction. It was much more controlled than a standard attack as you can see where the traffic is coming from and see the levels of vulnerability.”
He pointed at the attack on Russia Today in August, which he said showed that it did not have the right level of protection to deal with a DDoS attack, and it most likely had a standard security architecture.
“They likely had a firewall and intrusion prevention system, but that is not enough to mitigate against a DDoS attack. This would have given organisations the ability to protect themselves and understand where the weaknesses are,” he said.
Download the SC ebook ‘DDoS for Dummies' attacks here