Cyber Europe 2014 targeted security agencies, ministries, telecoms, energy companies, financial institutions and internet service providers (ISPs) in a 24-hour exercise where almost all EU member states (except Belgium, Lithuania and Malta) tested their cyber-defence procedures against as many as 2,000 real-life attacks. These attacks included DDoS and web defacement attacks, data exfiltration and cyber-attacks against critical infrastructure.
Approximately 400 cyber-security professionals were involved in the exercise, which also involved national CERTs (Computer Emergency Response Teams). ENISA is expected to launch an in-depth report on the results from the exercise later in the year.
European Commission VP Neelie Kroes said that this kind of education is required in the face of an emerging cyber threat landscape.
“The sophistication and volume of cyber-attacks are increasing every day. They cannot be countered if individual states work alone or just a handful of them act together,” she said in a statement.
"I'm pleased that EU and member states are working with the EU institutions, with ENISA bringing them together. Only this kind of common effort will help keep today's economy and society protected."
ENISA executive director, Professor Udo Helmbrecht, added in a statement: “Five years ago there were no procedures to drive cooperation during a cyber-crisis between EU member states. Today we have the procedures in place collectively to mitigate a cyber-crisis on European level," said.
"The outcome of today's exercise will tell us where we stand and identify the next steps to take in order to keep improving."
Brian Honan, managing director and lead consultant at BH Consulting, said that it could prove useful for national CERTS.
“These tests are very useful in that they not only allow CERTs to practice their technical capabilities in the face of certain types of attacks, but more importantly they establish and reinforce communication and cooperation across CERTs in many different countries in the EU,” he told SCMagazineUK.com.
“One of the key elements in dealing with a major cyber-attack is being able to call on other CERTs to help deal with the attack. This may be in the form of dealing with the suspected source of attacks within their jurisdiction or providing resources and expertise in areas that your own team may not be strong. Knowing which CERT to contact, how to contact them, and who the key people are within each CERT are vital to ensure quick response and resolution to an attack. Running regular exercises can help establish and maintain those lines of communications.”
He added: “The other advantage it provides is that it can help establish and maintain a base level of capabilities across all CERTs. As with all aspects of cyber-security, some teams are more proficient than others. It is better to identify those teams that have deficiencies in certain areas during an exercise and address those weaknesses, rather than discover them during a real event.
Adrian Culley, a former Scotland Yard cyber-crime detective and now cyber-security consultant, said that the exercise – while laudable – was a big ask in just 24 hours.
“The aims of the exercise are laudable, however the scope seems somewhat immense to be effectively and efficiently covered in a single day,” he said in an email to SC.
“For such exercises to be truly meaningful they must have a tangible technical aspect ie real attacks on real systems, even if this is contained in an air-gapped training system. There is limited scope for meaningful learning from a purely paper based table-top exercise in this arena.”
This news coincides with a new set of guidelines being released aimed at improving inta-country cyber-sharing. The EU-Standard Operational Procedures (EU-SOPs) are designed to test how countries share operational information about cyber-threats.