EU Agency ENISA Issues Final Report and Video Clip on 'Cyber Europe 2010'; the First Pan-European Cyber Security Exercise for Public Bodies

By Enisa - European Network And Information Security Agency, PRNE
Saturday, April 16, 2011

BRUSSELS and HERAKLION, Greece, April 18, 2011 - The EU's cyber security agency, ENISA, has issued its final
report (
www.enisa.europa.eu/act/res/cyber-europe-2010/cyber-europe-2010-report/at_download/file)
on the first Pan-European cyber security exercise for public bodies, 'Cyber
Europe 2010'. The report underlines the need for more cyber security
exercises in the future, increased collaboration between the
Member States and the importance of the private sector in ensuring IT
security. ENISA has also released an online video clip to support the report.

To view the Multimedia News Release, please click:

multivu.prnewswire.com/mnr/prne/enisa/48902/

Supporting EU-wide exercises concerning cyber-security
preparedness is a priority for the EU within its 'Digital Agenda for Europe',
in order to ensure that businesses and citizens are secure when they are
online.

The 'Cyber Europe 2010' exercise was conducted on the 4th of
November, 2010. Its objective was to trigger communication and collaboration
between countries in the event of large-scale cyber-attacks. Over 70 experts
from the participating public bodies worked together to counter over 300
simulated hacking attacks aimed at paralysing the Internet and critical
online services across Europe. During the exercise, a simulated loss of
Internet connectivity between the countries took place, requiring
cross-border cooperation to avoid a (simulated) total network crash.

Evaluation of the exercise was conducted at three levels:

1. National;

2. Pan-European; and

3. Overall.

The report's key findings include that:

- Member States' Information Technology bodies communicate in a wide
variety of ways. Harmonisation of standard operating procedures would lead to
more secure and efficient communications between them.

- The ability of participants to find the relevant points of contact
within organisations varied. In the event of a real crisis, some 55 % of
countries were not confident they would be able to quickly identify the right
contact, even with the available directories.

- Participants were evenly divided about if a 'Single Point of Contact'
(SPOC) or 'Multiple Points of Contact' (MPOC) would be better. A SPOC would
be easier; however, realistically today there are multiple points of contact.
Having MPOC also avoids there being a single point of failure.

The report's main recommendations include that:

- Europe should continue to hold exercises in Critical Information
Infrastructure Protection (CIIP): 86% of the participants found the 'dry run'
either 'very' or 'extremely' useful.

- The private sector can contribute value to future exercises by
increasing levels of realism.

- The 'Lessons Identified' should be exchanged with those holding other
(national or international) exercises.

- Member States should be well organised internally by, for example,
developing and testing national contingency plans and exercises. European
countries are organised nationally in a variety of ways. Given the
differences in structures and process, it is vital to know whom to contact.
The dialogue on the necessity of a SPOC or MPOC at the EU level should
continue, and ENISA can be the facilitator of this.

- A roadmap for pan-EU exercises should be created. This would include a
definition of standard procedures and structures for large scale events

"The Cyber Europe report identifies how we can make our online economic
and social activities more secure. ENISA is dedicated to supporting European
exercises, processes and plans to protect the Information Communications
Technology infrastructure, on which we are all increasingly dependent," says
Prof. Udo Helmbrecht, Executive Director of ENISA.

A video clip on 'Cyber Europe 2010' is available here (
https://www.enisa.europa.eu/media/news-pictures)

For background:

Critical Information Infrastructure Protection (CIIP) Action Plan
(ec.europa.eu/information_society/policy/nis/strategy/activities/ciip/index_en.htm),
Digital Agenda (
ec.europa.eu/information_society/digital-agenda/index_en.htm) and the
recent Communication on CIIP of 30/03/2011 (
ec.europa.eu/information_society/policy/nis/docs/comm_2011/comm_163_en.pdf)

For full report:

www.enisa.europa.eu/act/res/cyber-europe-2010/cyber-europe-2010-report/at_download/file

(Due to the length of these URLs, it may be necessary to copy and paste
the hyperlinks into your Internet browser's URL address field. Remove the
space if one exists.)

For interviews, or further details: Ulf Bergstrom, Spokesman, ENISA,
press at enisa.europa.eu, Mobile: + 30-6948-460-143, or Panagiotis Trimintzios,
Expert, ENISA, panagiotis.trimintzios Q enisa.europa.eu.

YOUR VIEW POINT
NAME : (REQUIRED)
MAIL : (REQUIRED)
will not be displayed
WEBSITE : (OPTIONAL)
YOUR
COMMENT :