The ENISA (European Network and Information Security Agency) - Europe’s cyber security agency - released its final report on the first Pan-European cyber security exercise, “Cyber Europe 2010”. The exercise was conducted back in November 2010 as a way to trigger communication and collaboration between countries and as a step for strengthening Europe’s cyber defenses in the event of large-scale cyber-attacks.
According to the report’s key findings:
• Member States’ Information Technology bodies communicate in a wide variety of ways. Harmonization of standard operating procedures would lead to more secure and efficient communications between them.
• The ability of participants to find the relevant points of contact within organizations varied. In the event of a real crisis, some 55 % of countries were not confident they would be able to quickly identify the right contact, even with the available directories.
• Participants were evenly divided about if a ‘Single Point of Contact’ (SPOC) or ‘Multiple Points of Contact’ (MPOC) would be better. A SPOC would be easier; however, realistically today there are multiple points of contact. Having MPOC also avoids there being a single point of failure.
The report’s main recommendations include that:
• Europe should continue to hold exercises in Critical Information Infrastructure Protection (CIIP): 86% of the participants found the ‘dry run’ either ‘very’ or ‘extremely’ useful.
• The ‘Lessons Identified’ should be exchanged with those holding other (national or international) exercises.
• Member States should be well organized internally by, for example, developing and testing national contingency plans and exercises. European countries are organized nationally in a variety of ways. Given the differences in structures and process, it is vital to know whom to contact. The dialogue on the necessity of a SPOC or MPOC at the EU level should continue, and ENISA can be the facilitator of this.
• A roadmap for pan-EU exercises should be created. This would include a definition of standard procedures and structures for large scale events.
The full report can be downloaded here:
Friday, April 22, 2011
ENISA issues final report on ´Cyber Europe 2010´