Interim findings of CYBER EUROPE 2010; a successful ’cyber stress test’ for Europe

Supporting EU-wide cyber-security preparedness exercises is one of the priorities of EU policies, in particular of the Digital Agenda for Europe. 

The Executive Director of ENISA, Dr Udo Helmbrecht commented on the interim conclusions:

”The CYBER EUROPE 2010 exercise was the first successful ’cyber stress test’ for Europe. It fully met its objectives to test Europe’s readiness to face online threats to essential critical infrastructure used by citizens, governments and businesses. We will work closely with Member States to identify and implement the lessons learnt from this exercise. We also encourage Member States to continue their efforts in the area of exercises, both at national and pan European levels. ENISA will strongly support their efforts.”

Some of the interim findings and recommendations of Member States (MS) participants include:

- The exercise fully met its objectives. The scenario was well balanced between technical and communication requirements.

- Exchanging ’lessons-learnt’ with other (national or international) exercises would be useful.

- There is a lack of pan-European preparedness measures to test. This reflects the fact that many Member States are still refining their national approaches.

- The exercise was only the first step towards building trust at pan-European level. More co-operation and information exchange is needed.

- Incident handling in Member States varies a lot due to the different roles, responsibilities and bodies involved in the process. The Member States had difficulties in fully grasping how incidents are managed in other MS.

- There is no need for creating a new pan-European directory of contacts. The existing ones are sufficient but need to be updated and completed regularly.

- ENISA's role in organising and managing future exercises is highly recommended by MS. 

These interim findings and recommendations are only reflecting the initial discussion with MS during the debriefing, and will be followed by a thorough analysis of the status reports, the logs, etc.

Participants

There were 30 European countries involved, 22 actively enacting the scenario and 8 observers. In all, experts from over 70 public sector around bodies responded to +> 320 security ’injects’. Ca 50 cyber experts reacted in the Exercise Control Centre, situated in Athens, and had contact with further 80 experts around Europe.

Organisers

'Cyber Europe 2010' is organised by the EU Member States and supported jointly by the European Network and Information Security Agency (ENISA) and the EU’s Joint Research Centre (JRC).

The exercise planning of seven Member States, JRC and ENISA lasted over a year. This involved six workshops, weekly teleconferences, a ‘dry run’ and numerous trainings at national level. 

Next Steps

The exercise will be evaluated in depth. There will also be evaluations made at national level. These will later be fed into an aggregated public, EU-wide report of the exercise. The full report is to be published at the beginning of 2011.

Policy Context

Digital Agenda for Europe to enhance online trust and security

EU Communication on Critical Information Infrastructure Protection (CIIP) COM(2009) 149

Links

EU Commission Press Release of 4th Nov. (in 23 languages)

ENISA Press Release of 5 Nov, 

Exercise Media FAQs, 

CYBER EUROPE 2010 high resolution logo for media

Photos from the exercise; map, Dr Helmbrecht, exercise.

For interviews, high res. photos, or further details: