Established as the main EU civil cybersecurity exercise, Cyber Europe 2018 took place on 6 and 7 June.
ENISA has compiled all the information gathered during the exercise and produced an after-action report and a closure video, identifying challenges and main takeaways, and making useful recommendations for the participants.
The main conclusion drawn is that the EU-level cooperation has improved considerably over the last years, becoming more mature and effective. Cyber Europe 2018 proved that the European Union is well equipped to respond to cyber crises. To this extent, the technical challenges of the exercise provided an excellent opportunity for the cybersecurity teams to enhance their capabilities and expertise in dealing with a variety of challenges. The operational capacity and technical skills of all participants were at the highest level.
Udo Helmbrecht, Executive Director of ENISA, commented: “Cyber Europe 2018 highlighted the importance of cooperation between national authorities, security providers, and potential victims of a cyber-attack. It proved once again that cybersecurity is a shared responsibility, and extreme incidents can be tackled best only by information exchange and collaboration. All participants did a great job in following business processes, agreements, communication protocols, and regulations to mitigate effectively the situations presented to them. ENISA values very much these capacity-building exercises, and will continue to provide such services for the EU Member States, especially in light of the new mandate of the agency.”
The key findings and recommendations include:
- The report reveals that EU Member States have improved their cooperation at technical level. The CSIRTs Network can easily address minor issues related to cooperation structures and tools, mainly by organising regular cyber-exercises, trainings and communication checks;
- In addition, the key actors will define and test the procedures and tools that are necessary for the implementation of the framework on coordinated response to large-scale cyber crises, also known as ‘Blueprint’ (1);
- At national level, the cybersecurity authorities should develop procedures and tools for a coordinated response, including structured cooperation and information exchange between private and public institutions. After the establishment of such procedures, the responsible actors should test them regularly by organising cyber exercises;
- One major issue is the shortage of IT security specialists. The private sector should set IT security as a priority and invest in resources and expertise, especially the operators for essential services, such as aviation, energy, finance, healthcare, maritime, and transport;
- Public and private organisations must ensure that they have crisis communication protocols in place and that personnel in sensitive positions are aware of these protocols.
Organised by ENISA in collaboration with cybersecurity authorities and agencies from all over Europe, Cyber Europe 2018 focused on the aviation sector and enabled the European cybersecurity community to strengthen their capabilities in identifying and tackling large-scale threats, as well as to provide a better understanding of cross-border incident contagion.
ENISA orchestrated the two-day exercise at its headquarters in Athens, bringing together over 900 European cybersecurity specialists from 30 countries (2). They had to deal with over 23 200 injects throughout the exercise, depicting cyber-attacks at major European airports, takeovers of official communication channels, disinformation in the media and social media and many other issues.
About Cyber Europe exercises
‘Cyber Europe’ exercises are simulations of large-scale cybersecurity incidents that escalate to EU-wide cyber crises. The exercises offer opportunities to analyse advanced cybersecurity incidents, and to deal with complex business continuity and crisis management situations. ENISA has already organised four pan-European cyber exercises in 2010, 2012, 2014 and 2016.
International cooperation between all participating organisations is inherent to the gameplay, with most European countries participating. It is a flexible learning experience: from a single analyst to an entire organisation, opt-in and opt-out scenarios, the participants can customise the exercise to their needs.
Note to editors
(1) Participating countries: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, Switzerland, United Kingdom.
(2) Key actors involved in the ‘Blueprint’: Computer Security Incident Response Teams network, the European Union Agency for Network and Information Security (ENISA), the European Cybercrime Centre at Europol, the EU Intelligence Analysis Centre (INTCEN), EU Military Staff Intelligence Directorate (EUMS INT) and Situation Room (Sitroom) working together as SIAC (the Single Intelligence Analysis Capacity), the EU Hybrid Fusion Cell (based in INTCEN), the Computer Emergency Response Team for the EU institutions (CERT-EU), and the Emergency Response Coordination Centre in the European Commission.