Stronger together: ENISA releases Cyber Europe 2014 After Action Report
September 2015 by ENISA
ENISA releases today the public version of the After Action Report of the pan-European cybersecurity exercise Cyber Europe 2014 (CE2014). This report, approved by the Member States, gives a high-level overview of the complex cybersecurity exercise that was carried out in 2014.
The main goal of Cyber Europe 2014 was to train Member States to cooperate during a cyber-crisis. The three-phased exercise provided opportunities to assess the effectiveness of cooperation and escalation procedures during cross-border cyber incidents which impact the security of vital services and infrastructure, while testing national capabilities and contingency plans involving both public and private sector organisations.
The exercise, organised by ENISA on a biannual basis, was planned jointly with representatives from the participating countries and required six (6) planning conferences across Europe. This exercise, which brought together over 1,500 participants from 29 EU and EFTA Member States, covered for the first time all three (3) phases of cyber incident response - technical, operational and strategic - each escalating into the next phase involving:
Phase 1 - Technical level (28-30 April 2014, 49 hours): Incident detection, analysis and mitigation, information exchanges. Phase 2 - Operation level (30 October 2014, 10 hours): Alert, cooperation, short term crisis mitigation, development of a common situational picture. Phase 3 - Strategic level - tested for the first time - (25 February 2015): Decision making based on the common situational picture, high level policy debates on long-term strategic crisis mitigation.
The report shows that the common ability to mitigate large-scale cybersecurity incidents in Europe, has progressed significantly since 2010, when the first Cyber Europe exercise was carried out. Sharing real-time information among countries is proving valuable for swift decision-making. The EU Standard Operational Procedures (EU-SOPs) used to support these cooperation activities, provide Member States with guidelines, which they can use in the face of large-scale cybersecurity incidents. These will be improved further taking into account the evolving cyber security policy context in Europe.
Cooperation was highlighted as a key element contributing to increased understanding, trust building, and faster response. The Cyber Exercise Platform (CEP) developed by ENISA for the exercise planning, conduct and evaluation, proved to be a powerful tool. The CEP is currently being further developed by ENISA in order to host future cyber exercises and technical scenarios. Ninety-eight per cent (98%) of participants of the technical phase indicated interest to participate in the next exercise.
ENISA’s Executive Director Udo Helmbrecht stated: “The lessons learnt from Cyber Europe 2014 are numerous and provide the basis for ground breaking work in the area of cyber crisis cooperation, an emerging field which EU and ENISA are leading. We are committed to implement the action plan, with the support of Member States, to further improve cyber crisis preparedness both at national and the EU level.”
The scenario of Cyber Europe 2014 revolved around an EU regulatory proposal related to energy resources. During the technical phase of the exercise the Member States and the EU Institutions had to deal with cyber-incidents such as exfiltration of information, open source intelligence, mobile phone malware analysis, to denial of service attacks and advanced persistent threats. The operational phase of Cyber Europe 2014 followed on with the escalation of the situation that led to a series of large-scale cyber-attacks on various critical infrastructures and numerous online services. Finally, the strategic phase of Cyber Europe 2014 escalated the crisis further, with several energy infrastructures severely impacted in the midst of a harsh winter, key critical technologies breached, and an increasingly worried public opinion.
For full report: please click here.