ENISA cyber war games highlight scalability challenges

News 1 Feb, 2013

Public and private sector put through paces in simulated Europe-wide cyber attack.

The European Network and Information Security Agency (ENISA) has reported the results of its Cyber Europe 2012 security exercise.

While the overall simulation has been considered a success, it is also reported to have highlighted the need for scalability in defending nations’ online assets.

The simulated cyber attack, which involved what ENISA has called “large-scale cyber-incidents” affecting 25 participating countries, took place on 4 October 2012.

“Fictional adversaries joined forces in a massive cyber-attack against Europe, mainly through Distributed Denial of Service (DDoS) attacks against...online e-government and financial services,” said the agency.

“Players...had to collaborate using standard procedures and structures in order to assess the situation and agree upon a course of action,” it continued.

With so many players trying to cope with such a wide-scale attack, ENISA said the exercise brought to light the challenges in operational procedures “notably in terms of scalability”.

Additionally, while ENISA said the inclusion of the private sector was “an excellent improvement on the previous Cyber Europe exercise”, parallel or overlapping public and private procedures were identified as a problem.

In conclusion, ENISA said: “EU Member States and European Free Trade Association (EFTA) countries should further improve the effectiveness, scalability of, and familiarity with existing mechanisms, procedures and information flows for cooperation at a national level and with other public authorities in Europe.”

“EU Member States and EFTA countries should [also] cooperate towards new pan-European and national cyber exercises in order to enhance transnational cyber-incident management.”