International cybersecurity exercises grow in popularity
While there is growing support for international cybersecurity exercises, more can be done to ensure such exercises are successful, according to a report (.pdf) published Oct. 25 by the European Network and Information Security Agency.
International cybersecurity exercises are more popular now than in past years. Sixty multinational cybersecurity exercises were held from 2010 to 2012, while only 25 were conducted in the 8 years prior to that period, finds the report.
Of the 85 exercises conducted from 2002 to 2012, 64 percent involved more than 10 countries and 13 percent involved six to 10 countries. In 57 percent of the exercises, both public and private-sector entities participated, while only 41 percent involved government alone.
Report authors say there is broad consensus that cyber exercises help to enhance "preparedness, responsiveness and knowledge of stakeholders in responding to cyber incidents." But, despite these developments in international collaboration, ENISA reports that the global exercise community should be more integrated to ensure the exchange of cyber exercise best practices.
Report authors also recommend more complex cyber exercises be conducted.
"The challenge is to organize cyber exercises that can test all different complexities of a cross-border crisis, specifically testing different levels (operational, tactical and strategic) together," write report authors.
What's more, exercises should be included in the lifecycle of national cyber crisis contingency plans. Nations should also institutionalize the exercises, by initiating a step-by-step methodology for cross-border cyber-exercises and developing feedback mechanisms for recording lessons learned from exercises.
"Any cyber exercise (an exercise in general) is not a target in itself," notes the report. "It is vital to have the necessary feedback mechanisms to implement any changes needed as a result of the lessons learned from the exercise."
Cyber attacks subject to international law, says State Dept.
Alperovitch: Cyber deterrence depends on threat detection, offensive capabilities
AFCEA panel: Government, private sector dissatisfied with collaboration efforts