Pan-European ‘Cyber Europe’ Called Only First Step
The European Union’s first pan-European cyber exercise, which began Thursday, was meant to “test Europe’s preparedness against cyber threats [and] is an important first step towards working together to combat potential online threats to essential infrastructure and ensuring citizens and businesses feel safe and secure online,” said Neelie Kroes, Vice President of the European Commission and Digital Agenda Commissioner, who visited the U.K.’s cyberattack center during the simulation. The EC said the exercise “is due to be followed by more complex scenarios ultimately going from European to global level."
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Udo Helmbrecht, head of the European Network and Information Security Agency (ENISA), said the Union wants to have national and pan-European cyber exercises on a regular basis. ENISA organized and managed Cyber Europe jointly with the EU Joint Research Centre (JRC). One national cyber exercise was planned in Estonia later this year, Helmbrecht told us. The attack on the national Internet infrastructure in Estonia in 2007 accelerated the pace of the EU activities with regard to critical infrastructure protection.
Cyber Europe 2010 brought together most of the member states plus Norway, Iceland and Switzerland, and really was a first step, said Helmbrecht. It was focused on the communication of public authorities and agencies responsible for responses to threats. Authorities involved were Communications Ministries, critical information infrastructure protection authorities, crisis management organizations, national computer security incident response teams (CSIRTs), national information security authorities and security intelligence organizations all over Europe.
The task force of member states gathered at the ENISA office in Athens to respond to simulated attacks. The attacks were simulated by a second group. A third group at the ENISA offices was set up to report on the incident handling, with a full report due in January next year.
Helmbrecht said the focus on member states in this first exercise was deliberate to allow member states a first taste: “When it comes to attacks on your infrastructure, this is also an issue of national security, it is a sensitive topic.” But he said he was aware that network and Internet service providers must be included in future Cyber Europe editions. “It’s the second step,” said Helmbrecht. For the future he could envisage scenarios like an attack on financial networks, he said: “There we certainly need to include industry and ISPs."
Compared to the U.S. Cyberstorm program, Cyber Europe remains a modest start, Helmbrecht said. ENISA expert Evangelos Ouzounis, who participated as an ENISA observer in the Cyberstorm 3 exercise, said the latter involved around 2,000 people from authorities and private companies. The first Cyber Europe brought together 50 member state representatives and ENISA experts in Athens and around 150 in the member countries. ENISA’s budget to organize Cyber Europe was 100,000 euro ($142,000). The Cyberstorm program budget is about $3 million.