The European ICT Industry is one of the most advanced in the world. Making the EU’s single market fit for the digital age could contribute €415 billion per year to our economy and create hundreds of thousands of new jobs. The pervasiveness of high-speed connectivity and the richness and quality of online services in the European Union are among the best globally. Such advantages have considerably increased the dependability of European citizens on ICT services. These two elements, quality of services and customer base, make this industry particularly appealing to global business. What if this important piece of the global economy becomes a target? Computer security attacks are increasingly used to perform industrial reconnaissance, lead disinformation campaigns, manipulate stock markets, leak sensitive information, tamper with customer data, sabotage critical infrastructures. In Cyber Europe 2016, Member State cybersecurity authorities and cybersecurity experts from the public and private sectors, are called to react to a series of unprecedented, coordinated cyber-attacks.
According to ENISA – the European Union Agency for Network and Information Security – Cyber Europe 2016 (CE2016) was an opportunity for cyber-security professionals to analyse complex, innovative and realistic scenarios.
“For the first time, a full scenario was developed with actors, media coverage, simulated companies and social media, bringing in the public affairs dimension associated with cyber crises, so as to increase realism to a level never seen before in cyber-security exercises,” ENISA said.
For the past two days, representatives from more than 300 organisations including national cyber-security agencies, ministries, EU institutions and commercial IT service providers collaborated on addressing a simulated crisis that has been brewing for the past six months.
The CE2016 scenario “paints a very dark scenario” and was inspired by threats to critical national infrastructure (CNI), the internet of things (IoT) and cloud computing, using threat vectors as diverse as drones, innovative exfiltration methods, mobile malware and ransomware.
The motto of the exercise is “Stronger Together” and the key to success is cooperation at all levels to stymie transnational threats, according to ENISA. The exercise centred on political and economic policies as they relate to cyber-security, with a special focus on the Network and Information Security (NIS) directive which was recently passed by the EU Parliament.
The key findings are
Cyber Europe exercises, as well as any cooperation activity at European level during real cyber crises, build upon existing relations between Member States. ENISA and the Member States will continue to invest in trust building activities to maintain and further develop existing trust.
ENISA and the Member States should further develop the operational procedures which drive the cooperation activities during a cyber crisis, taking into account existing and future cooperation frameworks, to bring these procedures to a maturity level similar to those found in other sectors such as civil protection and aviation.
ENISA and the Member States will seek further integration with national and regional activities.
ENISA will address future Cyber Europe activities as a programme containing both trainings as well as small and large scale exercises, in order to provide a better experience and achieve greater impact.
- Lastly, ENISA will further develop the Cyber Exercise Platform to offer a richer experience to both players and planners, as well as to support the organisation of national and regional exercises, fostering the development of a cyber exercise community.