Cyber security experts across the EU are testing their ability to defend against attacks in a simulation on 4 October.
Four hundred specialists from the private and public sectors face 1,200 separate cyber incidents, including more than 30,000 emails, to evaluate response and cooperation if a real sustained attack against public websites and major European banks actually occurred. The exercise, called Cyber Europe 2012, is coordinated by the European Network and Information Security Agency (ENISA) and is a follow-up to a previous exercise in 2010. This year marks the first time banks and internet companies have been part of an EU-wide cyber-attack exercise. It’s the largest ever European exercise of its kind.
“This cooperation is essential given the growing scale and sophistication of cyber-attacks,” European Commission Vice-President Neelie Kroes said. “Working together at European level to keep the internet and other essential infrastructures running is what today's exercise is all about."
Cyber incidents are becoming more frequent. In 2011, web-based attacks increased by 36%. In 2010, four times as many companies (20% of all) reported security incidents that had a financial impact than in 2007 (5% of all). In the next decade, the World Economic Forum experts estimate a 10% increased risk of a major incident involving critical information. Such an event could cause approximately €200 billion in economic damage, according to experts.
Intelligence breeches are also an issue. Classified information about counterterrorism, military capabilities and foreign policy can potentially be hacked. The online spectrum has grown so massive that it makes regulation nearly impossible. Exponential developments constantly make previous measures. It’s also widely believed the perpetrators have up to this point worked more in coordination than experts in the private and public sectors trying to stop attacks.
Before the end of 2012, the European Commission and the European External Action Service plan on presenting a comprehensive strategy on cyber security, focusing on the legislative proposal to improve network and information security across the EU. The proposal will suggest a cooperation mechanism among member states and introduce security requirements for the private sector. In addition, the European Institutions announced the establishment of their own Computer Emergency Response Team(CERT-EU) to protect against cyber threats and incidents in September.
"The EU institutions, like any other major organisations, are frequently the target of information security incidents,” Vice-President Maroš Šefčovič said at the time. “CERT-EU is helping us to improve our protection against these threats. It is a very successful example of what the EU institutions can achieve when they work together. We want our CERT to be amongst the best, closely cooperating with the rest of the CERT community and contributing to cyber security for all."
In August, ENISA released a new report concluding that the lack of transparency and information about incidents made it difficult to understand the overall impact, the root causes and possible interdependencies of security legislation.
In today’s simulation, no real infrastructures are involved. According to a Commission spokesperson for Kroes, ENISA will present a “hot-wash” of initial results Friday afternoon. A comprehensive report will be issued before the end of the year. ENISA plans on holding the simulation annually.