Cyber Europe 2012. Key Findings and Recommendations



Similar documents
National Cyber Security Strategies

National Cyber Security Strategies. Practical Guide on Development and Execution

How To Write An Article On The European Cyberspace Policy And Security Strategy

EU policy on Network and Information Security and Critical Information Infrastructure Protection

On National and International Cyber Security Exercises

EU Priorities in Cybersecurity. Steve Purser Head of Core Operations Department June 2013

Supporting CSIRTs in the EU Marco Thorbruegge Head of Unit Operational Security European Union Agency for Network and Information Security

Prof. Udo Helmbrecht

WORK PROGRAMME NOVEMBER 2012

Virtual Appliance Instructions for ENISA CERT Training TLP WHITE APRIL European Union Agency For Network And Information Security

Cyber Security in Europe

Cybersecurity Strategy of the Republic of Cyprus

Good Practice Guide on National Exercises

Dr. Vangelis OUZOUNIS Senior Expert Security Policies ENISA.

How To Understand And Understand The European Priorities In Information Security

Cooperation in Securing National Critical Infrastructure

Annual Incident Reports 2011

Cloud and Critical Information Infrastructures

ENISA What s On? ENISA as facilitator for enhanced Network and Information Security in Europe. CENTR General Assembly, Brussels October 4, 2012

OUTCOME OF PROCEEDINGS

CYSPA - EC projects supporting NIS

European Union Agency for Network and Information Security ENISA ANNUAL REPORT

NIS Direktive und Europäische sicherheitsrelevante Projekte Udo Helmbrecht Executive Director, ENISA

Contact details For contacting ENISA or for general enquiries on information security awareness matters, please use the following details:

Technical Guideline on Security Measures

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

FFIEC Cybersecurity Assessment Tool Overview for Chief Executive Officers and Boards of Directors

EU Cybersecurity: Ensuring Trust in the European Digital Economy

Cyberspace Situational Awarness in National Security System

The internet and digital technologies play an integral part

ENISA and Cloud Security

EISAS European Information Sharing and Alert System for citizens and SMEs Implementation through cooperation

Technical Guideline on Security Measures

Achieving Global Cyber Security Through Collaboration

Proposal for a DIRECTIVE OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL

Presidency of the Council of Ministers THE NATIONAL PLAN FOR CYBERSPACE PROTECTION AND ICT SECURITY

National Cyber Security Strategy

GOVERNMENT OF THE REPUBLIC OF LITHUANIA

ENISA and Cloud Security

The EU s approach to Cyber Security and Defence

Enhancing Cyber Security in Europe Dr. Cédric LÉVY-BENCHETON NIS Expert Cyber Security Summit 2015 Milan 16 April 2015

Sector Based Cyber Security Drills Lessons Learnt

On the European experience in critical infrastructure protection

Cybersecurity in the Digital Economy Challenges and Threats to the Financial Services Sector

Honourable members of the National Parliaments of the EU member states and candidate countries,

VACANCY NOTICE FOR THE POSITION OF SENIOR EXPERT IN SECURITY TOOLS AND ARCHITECTURE Ref. ENISA/TA/AD/2007/13

Cyber Security for Railway Signalling

Bioeconomy: Policy Implementation

All Eyes: A Security Breach Exercise. Disaster Recovery/Security and Business Continuity Readiness

Towards defining priorities for cybersecurity research in Horizon 2020's work programme Contributions from the Working Group on Secure ICT

2 Gabi Siboni, 1 Senior Research Fellow and Director,

National Cyber Security Policy -2013

Good Practices on Reporting Security Incidents

Cyber Security in EU: ENISA approach

Cybersecurity and the Romanian business environment in the regional and European context

Into the cybersecurity breach

Technical Guideline for Minimum Security Measures

How To Write A Cybersecurity Framework

Council of the European Union Brussels, 5 March 2015 (OR. en)

Cyber security initiatives in European Union and Greece The role of the Regulators

ROADMAP. Proposal on a European Strategy for Internet Security

Written Contribution of the National Association of Statutory Health Insurance Funds of

Portal Storm: A Cyber/Business Continuity Exercise. Cyber Security Initiatives

European Organization for Security (EOS) - Description and Envisaged Activities for 2012

CYBER SECURITY AND CYBER DEFENCE IN THE EUROPEAN UNION OPPORTUNITIES, SYNERGIES AND CHALLENGES

ESTABLISHING A NATIONAL CYBERSECURITY SYSTEM IN THE CONTEXT OF NATIONAL SECURITY AND DEFENCE SECTOR REFORM

EU cyber cooperation the digital frontline

CYSPA launch event - Turkey

EU Cybersecurity Strategy and Proposal for Directive on network and information security (NIS) {JOIN(2013) 1 final} {COM(2013) 48 final}

The EU approach to Cybersecurity and Cybercrime

FAQ to ENISA s report on technologies to improve the resilience of communication networks

COMMISSION STAFF WORKING DOCUMENT. Executive Summary of the Impact Assessment. Accompanying the document

Building Blocks of a Cyber Resilience Program. Monika Josi monika.josi@safis.ch

Boosting Productivity and Innovation Through. Public Sector Compliant Cloud Services

MEMORANDUM Date Our reference Page Measures based on the action plan for improved Internet security

ANALYSIS OF CYBER SECURITY ASPECTS IN THE MARITIME SECTOR

Preventing identity theft

Actions and Recommendations (A/R) Summary

Germany: Report on Developments in the Field of Information and Telecommunications in the Context of International Security (RES 69/28),

EUROPEAN COMMISSION ENTERPRISE AND INDUSTRY DIRECTORATE-GENERAL. Space, Security and GMES Security Research and Development

Third EU Health Programme

Waking Shark II Desktop Cyber Exercise

ASEAN Regional Forum Cyber Incident Response Workshop Republic of Singapore 6-7 September Co-Chair s Summary Report

JOINT COMMUNICATION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

Cyber Security Strategy of Georgia

FFIEC Cybersecurity Assessment Tool

Expert Meeting on CYBERLAWS AND REGULATIONS FOR ENHANCING E-COMMERCE: INCLUDING CASE STUDIES AND LESSONS LEARNED March 2015

Transcription:

Cyber Europe 2012 December 2012

On National and International Cyber Exercises S I Acknowledgements ENISA wishes to thank all persons and organisations which have contributed to this exercise. In particular, our gratitude goes to the exercise planners, national monitors and moderators. About ENISA The European Network and Information Security Agency (ENISA) is a centre of network and information security expertise for the EU, its Member States, the private sector and Europe s citizens. ENISA works with these groups to develop advice and recommendations on good practice in information security. It assists EU Member States in implementing relevant EU legislation and works to improve the resilience of Europe s critical information infrastructure and networks. ENISA seeks to enhance existing expertise in EU Member States by supporting the development of cross-border communities committed to improving network and information security throughout the EU. More information about ENISA and its work can be found at www.enisa.europa.eu. Follow us on Facebook Twitter LinkedIn Youtube & RSS feeds ENISA Project Team Panagiotis TRIMINTZIOS, ENISA Razvan GAVRILA, ENISA Maj Ritter Klejnstrup, ENISA Contact details For questions related to this report or any other general inquiries about the resilience program please use the following contact address: resilience at enisa.europa.eu Legal notice Please note that this publication represents the views and interpretations of the authors and editors, unless stated otherwise. This publication should not be construed to be a legal action of ENISA or the ENISA bodies unless adopted pursuant to the ENISA Regulation (EC) No 460/2004 as lastly amended by Regulation (EU) No 580/2011. This publication does not necessarily represent state-of-the-art and ENISA may update it from time to time. Third-party sources are quoted as appropriate. ENISA is not responsible for the content of the external sources including external websites referenced in this publication. This publication is intended for information purposes only. It must be accessible free of charge. Neither ENISA nor any person acting on its behalf is responsible for the use that might be made of the information contained in this publication. Reproduction is authorised provided the source is acknowledged. European Network and Information Security Agency (ENISA), 2012

II On National and International Cyber Exercises Contents About Cyber Europe 2012... 4 The planning process... 5 The scenario... 5 The Players... 5 Media attention... 6 Key Findings... 7 National-level cooperation... 7 International-level cooperation... 7 Cyber exercises... 8 Recommendations... 8

4 On National and International Cyber Exercises About Cyber Europe 2012 On 4 October 2012 more than 500 cyber-security professionals across Europe participated in Cyber Europe 2012, the second pan-european Cyber Exercise. The exercise built on extensive activities at both the national and European level to improve the resilience of critical information infrastructures. As such, Cyber Europe 2012 was a milestone in the efforts to strengthen cyber-crisis cooperation, preparedness and response across Europe. In 2009, the European Commission issued a communication on Critical Information Infrastructure Protection (CIIP): Protecting Europe from large-scale cyber-attacks and disruptions: enhancing preparedness, security and resilience (COM/2009/149). This communication gave rise to the first pan- European Cyber Exercise, which took place on 4 November 2010. The European Commission moved forward with its Digital Agenda for Europe (2010), and its 2011 communication: Achievements and next steps: towards global cyber-security (COM/2011/163). Building on these efforts, Cyber Europe 2012 expanded in scope, scale and complexity. Cyber Europe 2012 had three objectives: 1. Test the effectiveness and scalability of mechanisms, procedures and information flow for public authorities cooperation in Europe. 2. Explore the cooperation between public and private stakeholders in Europe. 3. Identify gaps and challenges on how large-scale cyber-incidents could be handled more effectively in Europe. Twenty-nine EU (European Union) and EFTA (European Free Trade Association) Member States were involved in the exercise; 25 of them participated actively in the exercise, while the other four were involved as observers. In addition, several EU Institutions participated. Overall, 339 organisations participated in the exercise, bringing a total of 571 individual players in action. Following up on a key recommendation of Cyber Europe 2010, the private sector actors took part in this exercise. Cooperation between public and private players took place at the national level, while public authorities also cooperated across borders. The majority of the players (88%) were positive about the exercise (see Figure 1). Figure 1: Level of players satisfaction

On National and International Cyber Exercises 5 The planning process Cyber Europe 2012 was facilitated by the European Network and Information Security Agency (ENISA) and supported technically by the Joint Research Centre (JRC) of the European Commission. Representatives of all 25 participating countries and the European Union Institutions were involved in the planning of the exercise. The planning process was organised around several workshops. The scenario The exercise scenario revolved around large-scale cyber-incidents in Europe, which affected all participating countries. Fictional adversaries joined forces in a massive cyber-attack against Europe, mainly through Distributed Denial of Service (DDoS) attacks against public electronic services. The affected services were online e-government and financial (e-banking, etc.) services. Cyber-incidents challenged the public and private sector participants, triggering a need for crosscountry cooperation. Players received information on the scenario (injects) via emails, and had to collaborate using standard procedures and structures in order to assess the situation and agree upon a course of action. Figure 2 depicts the large number of email injects exchanged during the exercise. Figure 2: Email injects send out during the exercise The Players The exercise scenario involved many different players. Overall 571 individuals from 339 organisations around Europe took part in the exercise. There were 25 countries playing in the exercise; the European Union Institutions also played. The organisations involved were from the following groups: the cybersecurity agencies and organisations, the relevant ministries, the e-government service owners, financial institutions and Internet Service Providers (ISPs) and telecommunication service operators. The distribution of players is shown in Figure 3.

6 On National and International Cyber Exercises Figure 3: The distribution of the organisations that actively played in CE2012 Media attention Cyber Europe 2012 attracted considerable attention in the global media. More than 600 articles were published in 19 languages. Many articles quoted Vice-President of the European Commission responsible for the Digital Agenda, Neelie Kroes, stating that Working together at the European level to keep the Internet and other essential infrastructures running is what today s exercise is all about. In addition, Cyber Europe 2012 was mentioned in social media in over six languages. The compilation of media messages in the picture below displays some of the articles published about Cyber Europe 2012.

On National and International Cyber Exercises 7 Key Findings Cyber Europe 2012 produced a series of key findings regarding national-level cooperation, international-level cooperation, and cyber exercises, which are summarised below: National-level cooperation Playing countries, taking cyber security incidents very seriously, responded to the challenges by escalating to their national crisis response cells and/or activating national crisis structures. Frequent cooperation and information exchange at the national level between public and private players took place during the exercise. Some countries experienced challenges in crisis management decision making, even though that was not part of the exercise objectives (e.g., some of the decisions at hand have to be taken at more strategic levels during a crisis). Public private cooperation structures differ from country to country. Parallel and sometimes overlapping public and private national-level procedures sometimes challenged the public private cooperation within countries. The inclusion of private sector organisations as players at the national level provided an excellent improvement on the previous Cyber Europe exercise. International-level cooperation Cyber Europe 2012 has proven to be an excellent opportunity to explore, understand and evaluate existing European cyber cooperation mechanisms. The exercise has strengthened the European cyber-incident management community.

8 On National and International Cyber Exercises All participating countries were fully engaged in the international cooperation phase of the exercise. During the exercise many bilateral and multilateral interactions at the international level took place. Having a set of standard operational procedures and communication tools helped to provide structure and situational awareness during the simulated cyber-crisis. Challenges were identified in the operational procedures, notably in terms of scalability due to the large number of playing countries and institutions. Familiarity with procedures and information flows proved to be crucial for building a fast and effective response capability across Europe. Appropriate and up-to-date technical infrastructures and tools proved critical to ensuring effective cooperation. Cyber Europe 2012 helped to build trust between countries, which is key to successful and timely mitigation activities during real cyber-crises. The exercise has fostered both new and existing relationships. Cyber exercises The European cyber-incident management community considers pan-european exercises as an important tool for evaluating and improving existing cyber-crisis cooperation frameworks. Cyber Europe 2012 has proven extremely useful for testing national contingency measures and levels of preparedness. Cyber exercises are very useful to build trust among different cyber communities. Efficient planning is crucial for conducting an effective, large-scale, and complex exercise. Recommendations Cyber Europe 2012 resulted in the following recommendations: Cyber Europe 2012 proved valuable in enhancing pan-european cyber-incident management. It is therefore important to continue the efforts and further develop the European cyber exercise area. EU Member States and EFTA countries should cooperate towards new pan- European and national cyber exercises in order to enhance transnational cyber-incident management. The Good Practice Guide on National Exercises 1, developed by ENISA, provides additional support in this area. Future cyber exercises should explore inter-sectoral dependencies and be more focused on specific communities. Cyber Europe 2012 provided an opportunity for international-level cooperation and strengthening of the European cyber-incident management community. To foster international cooperation it is essential to facilitate exchange of good practices in cyber 1 http://www.enisa.europa.eu/activities/resilience-and-ciip/cyber-crisis-cooperation/exercises

On National and International Cyber Exercises 9 exercises, lessons learned, expertise and the organisation of conferences. This will ensure a stronger community that is able to tackle transnational cyber-crises. EU Member States and EFTA countries should further improve the effectiveness, scalability of, and familiarity with, existing mechanisms, procedures and information flows for cooperation at national level and with other public authorities in Europe. Lessons learned from Cyber Europe 2012 provide an excellent starting point. All stakeholders in the area of international cyber-crisis cooperation need to be trained on the use of procedures in order to know how to adequately work with them. The involvement of private sector organisations as players was of added value to this exercise. Therefore, EU Member States and EFTA countries should consider the involvement of the private sector in future exercises. The European cyber-incident management community could be strengthened with input from other European critical sectors (e.g. health, transportation) that are relevant to the handling of large-scale crises. Further information on cyber-crisis cooperation and exercises can be found at ENISA s web pages at: http://www.enisa.europa.eu/activities/resilience-and-ciip/cyber-crisis-cooperation

10 On National and International Cyber Exercises P.O. Box 1309, 71001 Heraklion, Greece www.enisa.europa.eu

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information