The scope, scale and complexity of “Cyber Europe 2012” in figures:
- Twenty-nine EU (European Union) and EFTA (European Free Trade Association) Member States were involved in the exercise; twenty-five as active players and four as observers. In addition, several EU-Institutions also participated.
- Overall, 339 organisations took part, totalling 571 individual players being exposed to thousands of incidents (‘injects’). They included: cyber-security agencies and organisations, relevant ministries, e-government services, financial institutions (60), Internet Service Providers (ISPs) (60), and telecommunication operators.
- The majority (88%) of the exercise players rated it positively.
- Cyber Europe 2012 attracted considerable global media attention; more than 600 articles were published in 19 languages.
Key Findings (excerpts)
- Knowledge of procedures and information flows is crucial for fast and effective response
- Frequent cooperation and information exchange between public and private players is necessary
- Public–private cooperation structures differ among countries. Parallel, and sometimes overlapping, public and private procedures on the national level thus challenged national level cooperation
- Countries faced challenges in crisis management decision making, although this was not included in the exercise objectives (e.g., decisions have to be taken at more strategic levels)
- Scalability of operational procedures was a challenge, due to the large number of countries
- Up-to-date technical infrastructures and tools were critical for effective cooperation
- Efficient planning is crucial for conducting large-scale exercises
- More pan-European and national cyber exercises are necessary to improve cross country cyber crisis cooperation, which the ENISA Good Practice Guide on National Exercises supports.
- EU Member States and EFTA countries should improve the effectiveness, scalability, and knowledge of existing mechanisms, procedures and information flows for both national and international cooperation
- More training in crisis procedures is necessary for all cyber-crisis stakeholders
- Increased private sector involvement at the national level should be considered for future exercises
- Input from other European critical sectors (e.g. energy, transportation) is a good next step.
The Executive Director of ENISA, Professor Udo Helmbrecht, concluded: “Cyber Europe 2012 was an important milestone to build trust, to better understand the existing European cyber cooperation mechanisms, and to strengthen Europe’s cyber-incident management”