Cyber Europe 2016, a trans-European coordinated cyber attack simulation, has drawn to a close today, concluding months of exercises and scenarios.
Engaging 28 EU member states plus Switzerland and Norway, the fourth annual exercise involved thousands of cyber-security experts. The last exercise to run was CE2014 which involved around 200 organisations.
This year's event, running since April, is said to be the largest and most comprehensive EU cyber-security exercise to date.
According to ENISA – the European Union Agency for Network and Information Security – Cyber Europe 2016 (CE2016) was an opportunity for cyber-security professionals to analyse complex, innovative and realistic scenarios.
“For the first time, a full scenario was developed with actors, media coverage, simulated companies and social media, bringing in the public affairs dimension associated with cyber crises, so as to increase realism to a level never seen before in cyber-security exercises,” ENISA said.
For the past two days, representatives from more than 300 organisations including national cyber-security agencies, ministries, EU institutions and commercial IT service providers collaborated on addressing a simulated crisis that has been brewing for the past six months.
The CE2016 scenario “paints a very dark scenario” and was inspired by threats to critical national infrastructure (CNI), the internet of things (IoT) and cloud computing, using threat vectors as diverse as drones, innovative exfiltration methods, mobile malware and ransomware.
The motto of the exercise is “Stronger Together” and the key to success is cooperation at all levels to stymie transnational threats, according to ENISA. The exercise centred on political and economic policies as they relate to cyber-security, with a special focus on the Network and Information Security (NIS) directive which was recently passed by the EU Parliament.
Günther H. Oettinger, European commissioner for the digital economy and society, said the NIS Directive and CE2016 aim to promote cooperation between member states. “We are only as strong as our weakest link,” he said. “Cyber Europe 2016 provides a unique opportunity for Member States, public and private partners to enhance cyber contingency plans and pan-European cooperation."
Udo Helmbrecht, executive director of ENISA, said: “The role of ENISA in assisting the EU Member States for cyber crises is essential, both by organising exercises and by bringing together key stakeholders. Six years have passed since our first cyber crisis simulation and in that time the maturity level and response capability on complex cyber issues has increased. We are better prepared than we were, but that does not mean we have done enough and the work must continue. Cyber-attacks are more sophisticated than before. Cyber-security is not a state, it is a process.”
The outcomes of CE2016 will be analysed by ENISA and the member states, with detailed lessons shared with the participants to establish a list of actions to improve IT security. Many of the findings of the exercise are useful for the implementation of the NIS Directive, the work of the CSIRT Network and the European cyber cooperation platform, ENISA said.
CE2014 was criticised by a number of sources for failing to address the fundamental problems of inter-governmental communication and disparate incident response standards across borders.
However, an ENISA spokesperson, addressing these critics, said: “This kind of cooperation between the EU and EFTA countries is crucial for the strengthening of cross border, transnational cyber-incident management. The importance of this exercise is to learn whom to contact, to build trust in between the actors in Europe. This enables us build trust, to exchange best practices, procedures, cyber exercises, lessons learned, and expertise which are all paramount for ensuring a stronger community that is able to tackle transnational cyber-crises.”
An after action report, summarising the lessons from CE2016, will be published early in 2017. Cyber Europe will follow in 2018, while a number of smaller scale exercises are planned in between.
A report on CE2014 concluded with five key findings:
Cyber Europe exercises, as well as any cooperation activity at European level during real cyber crises, build upon existing relations between Member States. ENISA and the Member States will continue to invest in trust building activities to maintain and further develop existing trust.
ENISA and the Member States should further develop the operational procedures which drive the cooperation activities during a cyber crisis, taking into account existing and future cooperation frameworks, to bring these procedures to a maturity level similar to those found in other sectors such as civil protection and aviation.
ENISA and the Member States will seek further integration with national and regional activities.
ENISA will address future Cyber Europe activities as a programme containing both trainings as well as small and large scale exercises, in order to provide a better experience and achieve greater impact.
- Lastly, ENISA will further develop the Cyber Exercise Platform to offer a richer experience to both players and planners, as well as to support the organisation of national and regional exercises, fostering the development of a cyber exercise community.