Brussels, 4 November 2010
Digital Agenda: cyber-security experts test defences in first pan-European simulation
Europe's cyber security experts are testing their responses today in the first ever pan-European cyber-attack simulation exercise. In "Cyber Europe 2010", experts will try to counter simulated attempts by hackers to paralyse critical online services in several EU Member States. The simulation will be based on a scenario where internet connectivity between European countries would be gradually lost or significantly reduced in all participating countries so that citizens, businesses and public institutions would find it difficult to access essential online services. In the exercise, Member States will need to cooperate with each other to avoid a simulated total network crash. The event is organised by EU Member States with support from the European Network Security Agency (ENISA) and the Joint Research Centre (JRC). Today's exercise is due to be followed by more complex scenarios ultimately going from European to global level. Supporting EU-wide cyber-security preparedness exercises is one of the actions foreseen by the Digital Agenda for Europe (see IP/10/581, MEMO/10/199 and MEMO/10/200) to enhance online trust and security.
Neelie Kroes, Vice President of the European Commission for the Digital Agenda, who is visiting the UK's cyber-attack centre during the simulation exercise, said "This exercise to test Europe's preparedness against cyber threats is an important first step towards working together to combat potential online threats to essential infrastructure and ensuring citizens and businesses feel safe and secure online."
As part of today's "Cyber Europe 2010", experts across Europe will test their responses to a simulated attack from hackers on critical online services. The scenario for the exercise is that Internet connections between European countries are gradually lost or significantly reduced and, at its worst, effectively all major cross-country connections in Europe will be out of use.
In the simulation, citizens, businesses and public institutions would have difficulties to access critical online services (such as eGovernment), unless the traffic from affected interconnections were rerouted. The exercise will be based on a scenario as if, throughout the day, one country after the other increasingly suffered from access problems. All participating Member States will have to co-operate to mount a joint response to the fictitious crisis.
This cyber security exercise aims to enhance Member States' understanding of how cyber incidents are handled and test communication links and procedures in case of a real large-scale cyber incident. The exercise will test the appropriateness of contact points in the participating countries, the communication channels, the type of data exchanges over these channels and the understanding that Member States have of the role and mandate of their counterparts in other Member States.
The cyber security exercise has been organised by the EU's Member States in coordination with the European Network Security Agency (ENISA), and with the support of the European Commission's Joint Research Centre. All EU Member States as well as Iceland, Norway and Switzerland will participate either as active participants or observers. Depending on the country, various Member States' public authorities are involved, such as Communications Ministries, critical information infrastructure protection authorities, crisis management organisations, national computer security incident response teams (CSIRTs), national information security authorities and security intelligence organisations.
ENISA was created in 2004. On 30 September 2010 the Commission proposed to strengthen and modernise ENISA with a view to helping the EU, Member States and private stakeholders to develop their capabilities and preparedness to prevent, detect and respond to cyber-security challenges (see IP/10/1239, MEMO/10/459).
Also on 30 September 2010, the Commission proposed a Directive which would allow the perpetrators of cyber attacks and the producers of related and malicious software to be prosecuted and face heavier criminal sanctions. Member States would be also obliged to quickly respond to urgent requests for help in the case of cyber-attacks, rendering European justice and police cooperation in this area more effective (see MEMO/10/463).