October 31, 2016
Guest blog post by Udo Helmbrecht, Executive Director at ENISA.
It’s just another day for businesses and citizens across Europe. Except it’s not. Without warning, almost all internet services are offline. A spate of customer data leaks follows; then a city-wide blackout, and a fire in a data-centre. Rumours surface of a shadowy organisation attempting to undermine the EU’s digital economy. It’s clear, Europe’s cyber defences are under siege.
This sounds like the plot of a Hollywood blockbuster. In reality, it’s the scenario over 300 organisations and 700 technical experts were faced with during Cyber Europe 2016, the EU’s largest and most comprehensive cybersecurity exercise. Organised by ENISA, the EU Agency for Network and Information Security, the flagship event is organised every two years with the intention of testing Europe’s preparedness for a major cybersecurity incident.
We need the practice. Europe’s economic welfare is increasingly rooted in its provision and exploitation of digital services. This provides massive opportunities for growth, job creation and social prosperity, with the Digital Single Market set to contribute €415 billion per year to our economy. But it also makes us vulnerable. The connected nature of our world is a prime target for cyber criminals looking to perform industrial reconnaissance, tamper with customer data, manipulate stock markets, or even sabotage critical infrastructures.
In our increasingly borderless online world, where hackers can create chaos at the click of a mouse we need to work together across borders and siloes to ensure Europe can stand up to such attacks. Just last week, a distributed denial of service (DDoS) attack disrupted dozens of popular websites across the U.S. What was unusual about this incident is that it exploited a huge number of Internet of Things (IoT) devices simultaneously to launch the coordinated attacks – demonstrating once more how ingenious cyber criminals can only be thwarted through international cooperation.
With this in mind, the 2016 Cyber Europe exercise gathered together Members States’ cybersecurity agencies, EU institutions and national ministries, and cybersecurity experts from internet, telecoms and cloud service providers. All were focused on securing Europe’s digital defences within a fictional scenario which unfolded across the last six months and culminated in last week’s two-day exercise – the largest, most realistic and most comprehensive to date.
Our scenario painted a picture of what a series of unprecedented, coordinated and devastating cyber-attacks targeted at Europe might look like. We took inspiration from past events and realistic future possibilities, factoring in common cybersecurity vulnerabilities related to the Internet of Things, cloud computing, mobile malware, and even drones. The scenario was framed in the context of our current economic and political climate, with simulated media coverage, social media activity and public backlash adding to the heightened sense of realism for participants.
Europe has already made much progress in the area of cybersecurity preparedness and mitigation efforts. The recently-adopted Network and Information Security (NIS) Directive, for instance, is a major step forward for our ability to deal with large-scale, cross-border cyber incidents.
But as the European Commissioner for the Digital Economy Günther Oettinger has rightly pointed out, we are only as strong as our weakest link. Effective cybersecurity demands constant vigilance for new threats and modes of attack. It’s not a state, but a process. That’s why exercises like this, which give Europe’s foremost cybersecurity professionals a chance to analyse complex incidents and rehearse appropriate response measures, are essential.
Equally important is the ability to translate learning into concrete outcomes. Following the cyber exercise climax, we’ll be analysing the outcomes in conjunction with Member States, with a view to establishing a list of actions which can be taken to further improve Europe’s overall cybersecurity. Cyber Europe 2016 may be over, but efforts to secure Europe’s cyber defences are ongoing. Through increased cross-border collaboration and information-sharing, we can ensure Europe’s digital revolution can continue apace – safely, securely, and with confidence.Blogactiv Team