Exercise in cybersecurity tests EU’s ability to counter cross-border threat

The EU’s cyber-security agency ENISA (the European Network and Information Security Agency) is calling for a more integrated global cyber-exercise community to ensure exchange of good practices on cyber-exercises, including public-private cooperation, to combat the increasing threat of cross-border cyber incidents and attacks.

ENISA says cyber-exercises are an important tool to assess the preparedness of a community against cyber-crises, technology failures and critical information infrastructure incidents.

Its latest report, National and International Cyber Security Exercises: Survey, Analysis and Recommendations, examines 85 national and international cyber-exercises between 2002 and 2012. Twenty two European countries, including the UK, have conducted national cybersecurity exercises in recent years.

The executive director of ENISA, Professor Udo Helmbrecht, said: “The ENISA study shows that a broad consensus exists for cyber-exercises being an essential instrument to assess the preparedness of a community against cyber-crises and to enhance the responsiveness of stakeholders against critical information infrastructure incidents. Based on the report results, we will see a growing number of multi-national exercises, like our recent Cyber Europe 2012 – in which more than 300 cybersecurity professionals across Europe joined forces to counter a massive simulated cyber attack – involving also the private sector.”

Key findings in the report include:
•Cybersecurity and cyber-crisis cooperation efforts are receiving ever more attention;
•There is an essential need to intensify public-private cooperation on cyber-exercises, as the ownership of most of the critical information infrastructures lies in private hands; and
•Proper planning, monitoring and evaluation methods are crucial for effective cyber-exercises.

Sixty four per cent of the multi-national exercises involved more than ten countries, 13 per cent involved six to ten countries and 13 per cent involved three to five countries. In 57 per cent of the exercises, both the public and private sector participated, while 41 per cent involved only the public sector.

The report recommends support for the development of exercise management tools for better exercise planning, execution and evaluation.

It also says that more complex cyber-exercises at inter-sectorial, international and European levels should be conducted and these exercises should be included in the lifecycle of national cyber-crisis contingency plans.

Other recommendations include:
•Promote good practice for national exercises and initiate a step-by-step methodology for cross-border cyber-exercises; and
•Develop feedback mechanisms for ensuring that lessons learnt from cyber-exercises are implemented, resulting in enhanced cyber-crisis preparation.

Speaking at last month’s ISSE (Information Security Solutions Europe) 2012 event in Brussels, Steve Purser, head of technical with ENISA, said advances in cybersecurity were most likely to be achieved through political cooperation between various organisations, rather than a single body controlling most aspects of the security technologies.

He added that because of the industry’s tendency to class cybersecurity as separate from classic IT security (anti-virus, anti-malware, etc), there was a danger that users and vendors may re-invent the wheel when it comes to developing strategies and technologies to counter the security threat.
He said a better mechanism was needed for building communities to address common cybersecurity problems being experienced, adding that effective cybersecurity was not about enforcing security processes across borders, but across communities. Security solutions must be able to inter-operate over national boundaries, he stressed.

Mr Purser said the good news was that most EU member states now had comprehensive cyber-criminal strategies in place and the EU Cybersecurity Strategy was now in progress and was expected to be announced be