The
Cyber Europe 2014 exercise was organised by the Crete-based European
Union Agency for Network and Information Security (ENISA) and was
carried out by 200 organisations and some 400 cyber security
professionals from in and around the EU last week.
Representatives came from 29 EU member states - and those in the EU Free Trade Space, and the war games reportedly consisted of 16 ‘technical' exercises said to be “similar to recent real life cases”.
ENISA officials said that the event was
designed to simulate unrest and political crisis at a pan-European
level, and to test cyber security response across public and private
sectors. A spokesman for the group told SCMagazineUK.com that the
objective of this first phase was to “analyse how the events escalate
and de-esclate, to understand these processes at all technical,
operational, and strategic levels, as well as to understand the related
public affairs issues linked to cyber threats.”
“All these issues were properly tested, as in a 'cyber stress test'," said ENISA via email.
The
exercise, which is due to be followed up by ‘operational/tactical' and
‘strategic/political' events from ENISA later in the year - has,
however, come in for stinging criticism.
"The
main concern is national governments' reluctance to co-operate,"
Professor Bart Preneel, an information security expert from the Catholic
University of Leuven, in Belgium, told AFP prior to the war games
taking place.
"You
can carry out all of the exercises you want, but cyber security really
comes down to your ability to monitor, and for that, national agencies
need to speak to each other all the time," Preneel added.
Another
expert, who wished to remain anonymous, further added that the war
games may have done little more than act as a communication exercise.
“Cross-border
crises are hard to conceive especially if they are multi-sector, because
different sectors will have different vulnerabilities,” said the
source.
“Different
countries will have different response models so trying to dovetail
hundreds of different players is a huge challenge considering that you
want them to do even one thing in sync or correctly. These war games are
never designed to test whether they all have defences that are up to
the job of combating the latest malware, only the older recognised
malware, so the objectives of this stage will be coordination and
communication; and a catch up exercise to get everyone on the same page
before the next phase.
The source added that the war game would only have the optimum effect if it prepared companies for the 'unexpected'.
“This year's
war game is a step up from previous years with more technical demands of
the participants than previously. This is a valuable exercise if they
are looking at as many as 16 different types of case studies, but any
real attack will have surprises that they did not expect, and the key
question of any war game is how did it prepare them for the
‘unexpected'.
In an email exchange with SCMagazineUK.com, ENISA
spokesman Ulf Bergström defended the programme, while stressing the
need for strong inter-state collaboration on the latest threats.
“We
do not recognise such claims,” he said of the criticisms. “This was not
the first time Cyber Europe was organised, rather the third time; 2010,
2012 and now 2014. Increasingly its scope, maturity and importance has
grown for all participating member states and organisations, and also
gained trust in the set up,” he told SCMagazineUK.com.
He
added: “This exercise has demonstrated that strong cross-border
cooperation is necessary for the EU member states, and the public and
private sector.
“This
kind of cooperation between the EU and EFTA countries is crucial for
the strengthening of cross border, transnational cyber-incident
management. The importance of this exercise is to learn whom to
contact, to build trust in between the actors in Europe. This enables us
build trust, to exchange best practices, procedures, cyber exercises,
lessons learned, and expertise which are all paramount for ensuring a
stronger community that is able to tackle transnational cyber-crises.
“We
have all come out of the first part of this exercise very much
strengthened, with the biannual event involving the energy and telecoms
sector this time .”
Crucially, though, he added that as ENISA has no power over governing bodies, it can only recommended changes.
Collaboration in the cyber-crime space has been a hot topic of late, with EC3 head Troels Oerting saying last week – ahead of the EU Cybercrime Coalition (announced yesterday) – that it's the only way of beating cyber criminals.
“On 5 May we will see the launch of the EU Cybercrime Coalition, which will bring together more than 20 banks in the region to share information with each other and with us,” he said.
“On 5 May we will see the launch of the EU Cybercrime Coalition, which will bring together more than 20 banks in the region to share information with each other and with us,” he said.
“{We]
need to understand that [cyber crime] is a combined task, not just for
police and law enforcement but for society too,” he told attendees at
the time.
In related news, officials from the
Japanese government are to meet with the European Union to discuss the
possibility of joined-up cyber security efforts, in light of mounting
attacks emanating from China, Russia, North Korea, Iran and some
organised cyber criminal groups. Japan has already held meetings with
the United States and the UK.