The EU tests its defences in a massive ciber-attack security exercise

On 4 November 2010 EU security experts tried to counter simulated attempts by hackers to paralyse critical online services in several EU Member States. This security drill called "Cyber Europe 2010" will be followed by more complex scenarios ultimately going from European to global level.

In the "Cyber Europe 2010" exercise, crisis managers from all Member States taking part in the simulation had to cooperate between each other to avoid a simulated total network crash. The event, which was organised by EU Member States with support from the European Network Security Agency (ENISA) and the Joint Research Centre (JRC), aimed at testing participants' responses to a simulated attack from hackers on critical online services.

All EU Member States as well as Iceland, Norway and Switzerland participated either as active participants or observers. Depending on the country, various Member States' public authorities were involved, such as Communications Ministries, critical information infrastructure protection authorities, crisis management organisations, national computer security incident response teams (CSIRTs), national information security authorities and security intelligence organisations.

In the simulation, citizens, businesses and public institutions would have difficulties to access critical online services (such as eGovernment), unless the traffic from affected interconnections were rerouted. The exercise was based on a scenario as if, throughout the day, one country after the other increasingly suffered from access problems. Therefore, all participating Member States had to co-operate to mount a joint response to the fictitious crisis.

Cyber incidents crisis management and security in EU communications critical infrastructures

Exercise “Cyber Europe 2010” is part of the support given by the European Digital Agenda to EU-wide cyber-security preparedness exercises and follows the support given by the European Commission to boost Europe's defences against cyber-attacks. It aims to enhance Member States' understanding of how cyber incidents are handled and test communication links and procedures in case of a real large-scale cyber incident.

The exercise tested the appropriateness of contact points in the participating countries, the communication channels, the type of data exchanges over these channels and the understanding that Member States have of the role and mandate of their counterparts in other Member States.