Cyber Europe 2012 revealed national and international cyber attack response holes


An October 2012 pan-European cyber exercise involving a conjectured distributed denial of service attack showed that some of the 25 nations participating experienced challenges in crisis management decision making "even though that was not part of the exercise objectives," says a European Network and Information Security Agency report.

The exercise, dubbed Cyber Europe 2012, imagined a massive cyber-attack against Europe, mainly through DDoS, against e-government and financial sector services. In all, 571 individuals from 339 organizations took part, the report (.pdf) says.

"Working together at the European level to keep the Internet and other essential infrastructures running is what today's exercise is all about," Neelie Kroes, vice-president of the European Commission, said at the time.

Other findings of the exercise include that sometimes overlapping public and private sector response mechanisms within some countries hindered effective response. At the international level, having a set of standard operational procedures and communications tools "helped to provide structure and situation awareness," although the operational procedures came under pressure due to the scale of the simulated attack, the report adds.

Familiar with the procedures and cross-border information flows "proved to be crucial for building a fast and effective response capability across Europe," it also says.

For more:
- download the ENISA report, "Cyber Europe 2012 Key Findings and Recommendations" (.pdf)
- go to an Oct 2012 ENISA press release on the exercise

Related Articles:
International cybersecurity exercises grow in popularity
Mobile telecom was the most vulnerable in 2011, says ENISA
ENISA: Data breach notification regulation could divert attention from causes